Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Prep Video

v1.0.0

Prepares a video by verifying all required assets from a script on Google Drive and triggers generation or reports missing files.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The description says it verifies Drive assets and triggers generation, which is coherent, but the bundled script requires rclone and jq (hard-coded paths), relies on an rclone remote name (manus_google_drive) and a pipeline script in ~/.openclaw-workspace/skills/aura-video — none of these requirements are declared in the skill metadata or SKILL.md. The need to execute another skill's pipeline script is unexpected and requires explicit justification.
! Instruction Scope
SKILL.md describes downloading/parsing a JSON and checking Drive assets but does not mention using Telegram for notifications nor the exact mechanism for accessing Google Drive. The included script sends messages to Telegram, uses rclone to access Drive, and executes an external pipeline script; these actions are not documented in the runtime instructions and therefore expand scope beyond what the SKILL.md describes.
Install Mechanism
There is no install spec (instruction-only), which keeps on-disk changes minimal, but the script presumes /usr/local/bin/rclone and /usr/local/bin/jq exist and that an rclone remote (manus_google_drive) is configured. Those runtime dependencies should be declared so users know what will be required.
! Credentials
The skill metadata declares no secrets or env vars, yet the script contains a hard-coded Telegram BOT_TOKEN and CHAT_ID and depends on an rclone remote (which implies Drive credentials stored in rclone config). Hard-coded credentials in code are a sensitive mismatch and the skill transmits information to an external endpoint (api.telegram.org).
! Persistence & Privilege
The skill does not request always:true, but it executes a pipeline script located in another skill's workspace (~/.openclaw-workspace/skills/aura-video/scripts/aura_video.sh). Running that other script can execute arbitrary code with the agent's user privileges. Autonomous invocation combined with the hard-coded external-notification token increases the blast radius compared with a self-contained check.
What to consider before installing
Do not install blindly. Specific things to ask or fix before using:
(1) Remove the hard-coded Telegram BOT_TOKEN/CHAT_ID from the script — treat that string as a secret and provide it via a documented environment variable or secure config; if that token is real, rotate it immediately.
(2) Update SKILL.md and metadata to declare required binaries (rclone, jq) and the need for an rclone remote configured for Google Drive, or provide setup steps.
(3) Explain and/or avoid executing the pipeline script at ~/.openclaw-workspace/skills/aura-video/scripts/aura_video.sh; instead let users explicitly provide the path or require confirmation — review that pipeline script thoroughly before allowing execution.
(4) Confirm what information is sent to Telegram (paths, IDs, etc.) and whether that is acceptable for your environment.
If the author cannot justify these choices or remove embedded credentials, treat the skill as unsafe to install.
