Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Jianying Editor Skill
v1.0.0剪映 (JianYing) AI自动化剪辑的高级封装 API (JyWrapper)。提供开箱即用的 Python 接口,支持录屏、素材导入、字幕生成、Web 动效合成及项目导出。
⭐ 0· 19·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description align with the included files: many Python scripts, examples, CLI helpers and data/asset manifests for JianYing-style editing, TTS, recording, exporting and asset sync. The repository contents reasonably match the stated capabilities.
Instruction Scope
SKILL.md gives concrete runtime commands (many python scripts) and directs the agent to read/write project drafts, run recorder, sync assets, and call cloud asset URLs. This is consistent with an editor skill, but it means the agent will perform filesystem operations and network downloads at runtime; SKILL.md also references environment variables (e.g., JY_SKILL_ROOT) and runtime config files that are not declared in registry metadata.
Install Mechanism
There is no install spec — this is instruction/code-only. No archive downloads or external installers are declared. Note: many included scripts perform network I/O at runtime (e.g., sync_jy_assets, cloud asset URLs), but those are runtime behaviors, not install-time downloads.
Credentials
Registry requires no environment variables or credentials, but SKILL.md and scripts reference JY_SKILL_ROOT and include asset-sync and cloud-URL usage. That is a mild inconsistency: the skill may require user configuration or authentication at runtime (for syncing native assets or accessing private cloud APIs) even though no credentials are declared up front.
Persistence & Privilege
always is false and the skill does not request to be always-present or to modify other skills. The repository contains scripts that will read/write projects and may create files in the user's project root (the README/CRITICAL RULES explicitly direct storing user scripts in the project root), which is expected for an editor tool.
Assessment
This package appears internally consistent with a JianYing editing wrapper, but exercise normal caution: 1) Source/homepage is unknown — prefer code review before running. 2) Inspect scripts that perform network I/O (sync_jy_assets.py, cloud-related code) to see whether they require credentials or POST data you don't expect. 3) Run the skill in an isolated environment (container/VM) the first time, and back up any project directories it may modify. 4) Because SKILL.md references JY_SKILL_ROOT and other runtime config not declared in the registry, confirm what environment variables or auth the scripts will actually use. 5) If you will allow the agent to invoke this autonomously, remember it will have the ability to run the included Python scripts which read/write files and contact external URLs — only grant that if you trust the package and have reviewed the network behaviors.Like a lobster shell, security has layers — review code before you run it.
latestvk979h8aqwb56hxhmtn7vyz893h84nndb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.