RoughCut
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can run local processing commands when invoked, so an incorrect repo_root or modified script could affect local files or run unintended code.
The main workflow tells the agent to run a local shell script against a user-selected video and output directory.
bash "$REPO_ROOT/scripts/openclaw/roughcut.sh" \ --video "$VIDEO_ABS_PATH" \ --out "$OUTPUT_ROOT"
Use only a trusted RoughCut checkout, inspect the script before first use, and run it only with an explicit user-approved video path or URL.
The behavior depends on whatever code exists in the configured local repository.
The skill depends on an external/local repository for the actual runner rather than bundling the reviewed script in the artifact.
Confirm RoughCut repo is present on the same Mac. - Repo: https://github.com/samerGMTM22/OpenClaw-RoughCut
Pin or verify the RoughCut repository version and ensure repo_root points to the intended directory.
Using fluff removal may consume the user's Gemini quota or expose derived processing data to the configured Gemini workflow.
The optional fluff-removal path uses a Gemini API credential, which is disclosed and purpose-aligned but still grants access to a provider account or billing context.
If the user enables fluff removal, ensure `GEMINI_API_KEY` is set in the environment that will run RoughCut.
Use a restricted API key if possible, provide it through environment/config mechanisms rather than casual chat, and enable fluff removal only when needed.