ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ffmpeg剪辑大师

v1.0.0

使用 FFmpeg 进行多媒体编辑,包括视频剪辑、拼接、转码、特效、截图、水印、变速、音频处理等 20 种操作。当用户提到"FFmpeg""视频剪辑""视频拼接""视频压缩""视频格式转换""截图""水印""变速""倒放""GIF""音频提取""音频降噪""音量调节""画中画""裁剪""旋转""字幕""过渡特效"...

0· 116·0 current·0 all-time
by王新平(Wang-Xin-ping)@showtimewalker
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (FFmpeg multimedia editing) match the included scripts and declared requirements. Required binaries (ffmpeg, ffprobe, python/py) are expected. The 'uv' binary is required by the SKILL.md examples (uv run ...) and is consistent with the provided quick-call instructions, though users unfamiliar with 'uv' should verify what that tool is.
Instruction Scope
SKILL.md and the scripts consistently operate on local files using ffmpeg/ffprobe. The runtime instructions focus on running scripts in the skill directory and writing outputs locally; they explicitly state no external APIs or network transfer. The code validates inputs and uses temporary files for concat/palette generation and cleans them up.
Install Mechanism
There is no install spec (no external downloads or installers). The skill ships Python scripts that are executed directly. No network-based installation or archive extraction is requested, which keeps install risk low.
Credentials
Only OUTPUT_ROOT is requested (optional; defaults to the user's home). The common code writes outputs and log files under OUTPUT_ROOT/outputs/ffmpeg and OUTPUT_ROOT/outputs/logs — this is appropriate for a file-processing tool but you should be aware it will create files under that directory by default. No API keys or unrelated credentials are requested.
Persistence & Privilege
always: false and model invocation not disabled (normal). The skill does not request persistent platform-level privileges. It writes logs and outputs to its own subdirectories under OUTPUT_ROOT but does not modify other skills or system-wide configurations.
Assessment
This skill appears to do what it claims: run FFmpeg locally on files. Before installing or running it, consider: 1) Ensure you have trusted ffmpeg/ffprobe builds on PATH (the scripts expect full-featured ffmpeg). 2) Confirm what 'uv' is on your system (the README uses `uv run`) or run the scripts directly with your Python interpreter if you prefer. 3) Set OUTPUT_ROOT to a directory you control (not your entire home) to avoid unexpected files/logs being created in your home directory. 4) Inspect the common.py emit_result/emit_multi_result implementations (the provided excerpt was truncated) to verify they only write local JSON/logs and do not transmit data externally. 5) If you plan to run on sensitive files, test the skill in an isolated environment first and back up originals. Overall the codebase shows no apparent network exfiltration or unrelated credential requests.

Like a lobster shell, security has layers — review code before you run it.

latestvk9723j7epv1d8gp38ar7g01505846cys

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsuv, ffmpeg, ffprobe
Any binpython, python3, py
EnvOUTPUT_ROOT

Comments