ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Video Remix

Enables remixing video content by editing, combining, or transforming video files for creative or production workflows.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 15 · 0 current installs · 0 all-time installs
by@zhaoyta
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code files implement expected features for a 'Video Remix' skill: downloading (yt-dlp), transcribing (Whisper), and segment analysis. However the metadata and SKILL.md do not declare the real runtime dependencies (yt-dlp binary / package and the openai-whisper package), and the skill lacks a clear description of when it should fetch remote content. The requested capabilities are mostly proportional to the stated purpose, but the missing dependency declarations are an inconsistency.
!
Instruction Scope
SKILL.md is largely placeholder/TODO content and provides no precise runtime instructions or guardrails. The presence of executable scripts means an agent could be instructed (or decide) to run downloads and transcriptions without clear limits. download_video.py will invoke yt-dlp to fetch remote videos (network I/O) and transcribe.py will process files locally — both actions can cause the agent to fetch and store remote content and process potentially sensitive material. There are no explicit constraints, consent checks, or destination/telemetry calls in the scripts, but the vagueness of the SKILL.md increases the risk of unexpected behavior.
Install Mechanism
There is no install spec (instruction-only), which is lower risk for arbitrary installs. However the code relies on external tooling that is not declared: download_video.py calls the 'yt-dlp' binary via subprocess, and transcribe.py requires the 'whisper' Python package (openai-whisper). The skill provides no automated install steps or requirements listing, so it may fail or require manual installation — an inconsistency that could lead to ad-hoc dependency installation.
Credentials
The skill does not request any environment variables, credentials, or config paths. There are no obvious secrets/exfiltration channels in the code: scripts operate on local files and invoke yt-dlp to download content; they do not POST transcripts to external endpoints. This is proportionate to the described video processing purpose.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges or modify other skills. It writes files to local output directories and prints JSON or files, which is normal for this use case.
What to consider before installing
Before installing or enabling this skill, consider the following: - The SKILL.md is incomplete and does not provide runtime guardrails; review the code yourself before allowing the agent to run anything. - The scripts will download remote videos (yt-dlp) and transcribe them (Whisper). The skill does not declare these dependencies — you must manually install yt-dlp (binary/package) and the openai-whisper Python package for it to work. - Downloading from YouTube may violate terms of service or copyright depending on the content and your intended use. Only use with content you are permitted to download and process. - The agent (by default) can invoke the skill autonomously. With an under-specified SKILL.md the agent might download or process videos without explicit, contextual consent. If you want to avoid autonomous downloads, restrict invocation or require user confirmation. - The scripts do not transmit transcripts to third-party endpoints, but transcripts can contain sensitive or private information. Treat produced transcript files as sensitive data and store them securely or redact before sharing. - If you proceed, run the scripts in a sandboxed/isolated environment (container/VM) to limit filesystem and network exposure, verify installed dependencies, and test behavior with non-sensitive sample videos first. If you want this skill to be less risky, ask the author to: (1) complete SKILL.md with explicit step-by-step runtime instructions and consent prompts, (2) list required binaries/packages in metadata (yt-dlp, openai-whisper), and (3) add opt-in safeguards (confirm before downloading external URLs, limit maximum download size/duration, and log operations).

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk972rgke42cbwwvc6te2w267ds831nhy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Video Remix

Overview

[TODO: 1-2 sentences explaining what this skill enables]

Structuring This Skill

[TODO: Choose the structure that best fits this skill's purpose. Common patterns:

1. Workflow-Based (best for sequential processes)

  • Works well when there are clear step-by-step procedures
  • Example: DOCX skill with "Workflow Decision Tree" -> "Reading" -> "Creating" -> "Editing"
  • Structure: ## Overview -> ## Workflow Decision Tree -> ## Step 1 -> ## Step 2...

2. Task-Based (best for tool collections)

  • Works well when the skill offers different operations/capabilities
  • Example: PDF skill with "Quick Start" -> "Merge PDFs" -> "Split PDFs" -> "Extract Text"
  • Structure: ## Overview -> ## Quick Start -> ## Task Category 1 -> ## Task Category 2...

3. Reference/Guidelines (best for standards or specifications)

  • Works well for brand guidelines, coding standards, or requirements
  • Example: Brand styling with "Brand Guidelines" -> "Colors" -> "Typography" -> "Features"
  • Structure: ## Overview -> ## Guidelines -> ## Specifications -> ## Usage...

4. Capabilities-Based (best for integrated systems)

  • Works well when the skill provides multiple interrelated features
  • Example: Product Management with "Core Capabilities" -> numbered capability list
  • Structure: ## Overview -> ## Core Capabilities -> ### 1. Feature -> ### 2. Feature...

Patterns can be mixed and matched as needed. Most skills combine patterns (e.g., start with task-based, add workflow for complex operations).

Delete this entire "Structuring This Skill" section when done - it's just guidance.]

[TODO: Replace with the first main section based on chosen structure]

[TODO: Add content here. See examples in existing skills:

  • Code samples for technical skills
  • Decision trees for complex workflows
  • Concrete examples with realistic user requests
  • References to scripts/templates/references as needed]

Resources (optional)

Create only the resource directories this skill actually needs. Delete this section if no resources are required.

scripts/

Executable code (Python/Bash/etc.) that can be run directly to perform specific operations.

Examples from other skills:

  • PDF skill: fill_fillable_fields.py, extract_form_field_info.py - utilities for PDF manipulation
  • DOCX skill: document.py, utilities.py - Python modules for document processing

Appropriate for: Python scripts, shell scripts, or any executable code that performs automation, data processing, or specific operations.

Note: Scripts may be executed without loading into context, but can still be read by Codex for patching or environment adjustments.

references/

Documentation and reference material intended to be loaded into context to inform Codex's process and thinking.

Examples from other skills:

  • Product management: communication.md, context_building.md - detailed workflow guides
  • BigQuery: API reference documentation and query examples
  • Finance: Schema documentation, company policies

Appropriate for: In-depth documentation, API references, database schemas, comprehensive guides, or any detailed information that Codex should reference while working.

assets/

Files not intended to be loaded into context, but rather used within the output Codex produces.

Examples from other skills:

  • Brand styling: PowerPoint template files (.pptx), logo files
  • Frontend builder: HTML/React boilerplate project directories
  • Typography: Font files (.ttf, .woff2)

Appropriate for: Templates, boilerplate code, document templates, images, icons, fonts, or any files meant to be copied or used in the final output.

Not every skill requires all three types of resources.

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…