ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AOI Demo Clip Maker

v0.1.4

Create and edit macOS hackathon demo clips via terminal commands to record, crop, trim, and apply presets using ffmpeg/ffprobe locally.

0· 724·0 current·0 all-time
by@edmonddantesj
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the code and SKILL.md: the skill wraps ffmpeg/ffprobe to list devices, record, crop, trim, and provide a preset. It does not request unrelated credentials or config paths. The only external dependency it requires in practice is ffmpeg/ffprobe (documented in SKILL.md).
Instruction Scope
SKILL.md describes only local ffmpeg/ffprobe usage and no network/exfiltration. The code adheres to that: it spawns local ffmpeg/ffprobe processes and prints output. However, the README claims a “strict allowlist of binaries and arguments” while the implementation only enforces a binaries allowlist (ALLOWED_BINS) and does not validate or restrict ffmpeg arguments. Also, record enforces that --out be a simple filename (no '/' or '..'), but crop/trim/preset do not consistently restrict output paths — so the code may read/write arbitrary paths supplied by the user.
Install Mechanism
No install spec; this is an instruction-only skill with an included Node CLI script. No external downloads or install steps are present in the package metadata.
Credentials
The skill requests no environment variables, no credentials, and no config files. It does not attempt network connections or include any hard-coded endpoints. This is proportionate for a local ffmpeg wrapper.
Persistence & Privilege
always is false and the skill does not modify other skills or system configuration. It runs only when invoked and doesn't request elevated persistent privileges.
Assessment
This skill appears to do what it says: run local ffmpeg/ffprobe commands to record and edit demo clips on macOS. Before installing or running it: (1) ensure ffmpeg and ffprobe are from a trusted source, (2) only run the CLI from an unprivileged account (avoid root), (3) be cautious about filenames/paths you pass to crop/trim — the script does not consistently block absolute paths or path traversal for all commands, so don't supply sensitive system paths as inputs/outputs, and (4) understand that although binaries are allowlisted, arguments are not validated, so review exact ffmpeg usage if you need stricter argument controls. If you want higher assurance, request the author to (a) consistently sanitize/validate input/output paths for all commands and (b) implement an explicit allowlist or sanitization for ffmpeg arguments or construct ffmpeg invocations in a way that prevents injection of unintended flags.

Like a lobster shell, security has layers — review code before you run it.

latestvk975smptkbfa05t2v5bgacqnph819n9k
724downloads
0stars
5versions
Updated 6h ago
v0.1.4
MIT-0
@edmonddantesj
latest
Download

AOI Demo Clip Maker (macOS)

S-DNA: AOI-2026-0215-SDNA-CLIP01

What this is

A terminal-only (public-safe) utility skill to create hackathon demo clips on macOS.

It wraps ffmpeg/ffprobe to:

  • list capture devices (avfoundation)
  • record a screen for N seconds
  • crop the top bar (menu/title)
  • trim clips
  • use simple presets

What this is NOT

  • No YouTube upload
  • No form submission
  • No external posting
  • No secret handling

Requirements

  • macOS
  • ffmpeg and ffprobe installed
  • Screen Recording permission granted to your terminal app

Commands

1) List devices (avfoundation)

aoi-clip devices

2) Record (screen capture)

# pixel_format auto-fallback is enabled by default
# (tries: uyvy422 → nv12 → yuyv422 → 0rgb → bgr0)
aoi-clip record --out tempo_demo_raw.mp4 --duration 15 --fps 30 --screen "Capture screen 0"

# optionally force a specific pixel format
# aoi-clip record --out tempo_demo_raw.mp4 --duration 15 --fps 30 --screen "Capture screen 0" --pixel uyvy422

3) Crop top bar

# explicit crop
aoi-clip crop --in tempo_demo_raw.mp4 --out tempo_demo_crop.mp4 --top 150

# auto-recommend top crop based on video height (still applies crop, but chooses a value)
aoi-clip crop --in tempo_demo_raw.mp4 --out tempo_demo_crop.mp4 --top auto

4) Trim

aoi-clip trim --in tempo_demo_crop.mp4 --out tempo_demo_15s.mp4 --from 0 --to 15

5) Preset: terminal

aoi-clip preset terminal --out demo.mp4

Security / Audit posture

This skill runs local ffmpeg/ffprobe only, using a strict allowlist of binaries and arguments.

Release governance (public)

We publish AOI skills for free and keep improving them. Every release must pass our Security Gate and include an auditable changelog. We do not ship updates that weaken security or licensing clarity. Repeated violations trigger progressive restrictions (warnings → publish pause → archive).

Support

License

MIT

Comments

Loading comments...