ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

video-edit-strategy

v1.0.0

分析素材与用户意图,输出结构化 JSON 剪辑策略(分镜、时间线、转场、音频、文字)。当用户要求制作短视频、混剪、或提供了素材但未给出具体剪辑指令时调用。策略输出供 ffmpeg-cli / ffmpeg-video-editor 等下游 skill 执行。

0· 160·0 current·0 all-time
byElk@se7enelk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (generate structured JSON video-edit strategies) matches the SKILL.md behavior: probing media, asking clarifying questions, and producing an execution_plan for downstream ffmpeg skills. One minor inconsistency: the instructions require running ffprobe (and assume ffmpeg tooling downstream), but the registry metadata lists no required binaries.
Instruction Scope
SKILL.md explicitly instructs probing user-provided file paths with ffprobe and to produce full JSON using original file paths and /tmp/ve_strategy for intermediates. This is expected for a strategy generator, but it does mean the agent will read metadata from arbitrary paths the user supplies and will reference those paths in outputs (which downstream executors may then read). There are no instructions to send data to external endpoints or to read unrelated system config.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest surface area. No downloads or archive extraction are present.
Credentials
The skill requests no environment variables, credentials, or config paths. All declared requirements (none) are proportional to the stated purpose. Note: it implicitly requires ffprobe/ffmpeg binaries at runtime but those are not declared in metadata.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills. It only generates strategy JSON and references files under /tmp/ve_strategy for intermediate outputs; this is within expected scope.
Assessment
This skill appears to do what it says: create a structured JSON editing plan for provided media. Before installing or invoking it, consider: 1) The SKILL.md expects ffprobe/ffmpeg tooling but the metadata did not list required binaries — ensure your environment actually has ffprobe/ffmpeg or steps that call them will fail. 2) The skill will probe any file paths you provide (ffprobe reads local files) and will include those original paths in the generated plan; downstream execution may then read those files. Only provide paths to files you are comfortable allowing the agent and downstream skills to reference. 3) Intermediate artifacts are placed under /tmp/ve_strategy — check and clean that directory if needed. 4) The skill does not request credentials or external endpoints, but downstream executor skills (ffmpeg-cli, ffmpeg-video-editor) will perform actual file operations; only use trusted executors. 5) If you need stricter sandboxing, run this skill in an environment with limited filesystem access or only provide copies of needed files. If you want higher assurance, ask the publisher/source (not provided here) to declare required binaries and to confirm expected downstream skill mappings.

Like a lobster shell, security has layers — review code before you run it.

latestvk975gvz6sf3wey3ez7q0kk0da1832vp6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments