Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Media Processing Toolkit - compression, cover extraction, audio extraction/format conversion, without downloading the full video

v1.0.0

Streaming video processing toolkit - compression, cover extraction, audio conversion, without downloading the full video

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for 370299455cx-web/ym-mediatoolkit.

Install the skill "Media Processing Toolkit - compression, cover extraction, audio extraction/format conversion, without downloading the full video" (370299455cx-web/ym-mediatoolkit) from ClawHub.
Skill page: https://clawhub.ai/370299455cx-web/ym-mediatoolkit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ym-mediatoolkit

ClawHub CLI

npx clawhub@latest install ym-mediatoolkit

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The files implement streaming compression, thumbnail extraction and audio extraction as advertised. However, the skill executes ffmpeg/ffprobe via subprocess, but the metadata lists no required binaries; omitting native dependency requirements is a mismatch that can cause surprise (and it should explicitly declare ffmpeg/ffprobe).
Instruction Scope
Runtime instructions and code accept arbitrary video_url inputs and perform HTTP range requests and full downloads; the run.py can start a Flask server bound to 0.0.0.0 exposing endpoints that trigger processing. That means when run in an environment with network access the skill can reach arbitrary internal/external URLs (SSRF-like risk) and accept remote requests — this is broader scope than a purely local utility.
Install Mechanism
There is no install spec (instruction-only for packaging), and a Python dependency list is present. This reduces installer risk. Still, native binaries (ffmpeg/ffprobe) are required at runtime but not installed by the skill.
Credentials
The skill declares no environment variables or credentials, which is proportional. However it writes temporary files, can download video content to disk, and spawns subprocesses on arbitrary URLs — these behaviors can expose local disk/network resources and should be considered when granting the skill runtime network/file access.
Persistence & Privilege
always is false (good), but the skill can start a long-lived HTTP server listening on 0.0.0.0:8080 and uses threaded Flask. If the agent runs this skill with network visibility, the server could be reachable remotely; running as a persistent service increases attack surface and should be restricted or sandboxed.
What to consider before installing
  • This skill relies on native binaries (ffmpeg and ffprobe) even though they are not declared; ensure you install these from trusted sources and that the runtime has them on PATH.
  • The code fetches arbitrary video URLs (including via HTTP Range) and runs ffmpeg on them. If the skill runs inside your environment it could be used to access internal network resources (SSRF). Restrict outbound network access or run in an isolated sandbox if you allow it.
  • run.py can start a Flask server bound to 0.0.0.0:8080; avoid exposing this to untrusted networks. If you must run the HTTP mode, bind to localhost or place behind an authenticated proxy/firewall.
  • The skill writes temp files and may fully download content in some code paths; monitor disk usage and configure tmp cleanup.
  • Review and test locally with non-sensitive URLs first. Consider code-auditing the ffmpeg command construction if you accept arbitrary user-supplied URLs or filenames to avoid path/command-injection edge cases.
  • If you need lowest risk, prefer running the functionality inside a restricted container with no access to internal network ranges and with ffmpeg/ffprobe explicitly provided by you.

Like a lobster shell, security has layers — review code before you run it.

latest vk9776ae1ma6x2ajkmdqz6vtd1x85mf70
31 downloads
0 stars
1 versions
Updated 20h ago
v1.0.0
MIT-0

Video Streaming Toolkit

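Overview

A high-performance streaming video processing Skill that does the following without downloading the complete video file:

  • Video compression - preserves clarity, can shrink the file size to 1/10, and depending on the case outputs several smaller-size videos to choose from
  • Cover extraction - extract a cover image at any timestamp or frame number
  • Audio extraction - convert to MP3 / WAV / AAC / M4A format

All operations use streaming processing, processing while downloading, which greatly saves time and disk space.


Quick Start

1. Install dependencies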

pip install -r requirements.txt
