ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

07 Subtitle Gen

v1.0.3

Generate synced SRT subtitles locally from dialogue text and durations without API, ensuring platform-compatible timed captions for videos.

0· 166·1 current·1 all-time
by@ghwyever

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ghwyever/07-subtitle-gen.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "07 Subtitle Gen" (ghwyever/07-subtitle-gen) from ClawHub.
Skill page: https://clawhub.ai/ghwyever/07-subtitle-gen
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install 07-subtitle-gen

ClawHub CLI

Package manager switcher

npx clawhub@latest install 07-subtitle-gen
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The manifest and SKILL.md claim to generate synced subtitles from an audio input. The included code never fetches or analyzes audio_url, does not compute timings from audio, and simply returns a single static 00:00:00 --> 00:00:03 caption with the dialogue appended. The required input (audio_url) is declared but unused, and no actual subtitle file is created or hosted despite returning a subtitle_url string. This is an implementation mismatch with the stated purpose.
!
Instruction Scope
SKILL.md stays within the narrow scope of local subtitle generation and does not instruct reading unrelated files or contacting external endpoints. However, the runtime instructions and the code disagree: the docs imply real audio processing, but runtime code is a trivial stub. That mismatch is concerning because users (or agents) will expect behavior the skill does not provide.
Install Mechanism
No install spec and no external downloads. The skill is instruction-only with a tiny included Node.js entrypoint; nothing is written to disk or fetched during install. Low install risk.
Credentials
No environment variables, credentials, or config paths are requested. The declared surface is minimal and proportionate to the claimed local operation.
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges or attempt to modify other skills or agent-wide settings. Normal user-invocable behavior.
What to consider before installing
This skill is low-risk from a security perspective (no network calls, no credentials, no install), but it's misleading: it advertises synced subtitle generation from audio yet the code ignores the audio_url and returns a static 3-second SRT fragment. Before installing or using it, consider: 1) Do not rely on this for production — test it with non-sensitive audio to confirm behavior. 2) Ask the author for a correct implementation that actually processes audio and writes/hosts the SRT, or modify the code yourself. 3) Be aware that subtitle_url is just a filename string; the skill does not create or expose a real file or URL. If you need real audio-to-timestamped subtitles, choose a different, well-implemented skill or request additional code that genuinely analyzes audio.

Like a lobster shell, security has layers — review code before you run it.

latestvk9788b6ppg5z6hz7hvaceh63h584k82j
166downloads
0stars
4versions
Updated 2w ago
v1.0.3
MIT-0
@ghwyever
latest
Download

自动字幕生成技能

功能介绍

根据音频自动生成带时间轴的标准SRT字幕。

输入参数

  • audio_url:音频地址(必填)
  • dialogue:台词文本(可选)

输出结果

  • subtitle_url:SRT字幕文件地址

使用场景

  • 短剧自动加字幕
  • 短视频快速字幕制作
  • 批量音视频字幕生成

技术说明

纯本地运行,无需API、无需模型配置。

Comments

Loading comments...