ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ZeroCut AI Video

Use ZeroCut CLI media and document tools. Invoke when user needs generate media, run ffmpeg/pandoc, sync resources, or save outputs.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 14 · 0 current installs · 0 all-time installs
by@smartdiana
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md is clearly written to drive a 'zerocut' CLI (many zerocut ... examples), but the skill metadata declares no required binaries and has no install spec or source/homepage. A consumer would reasonably expect the zerocut binary (or installation instructions) to be declared — its absence is an incoherence.
!
Instruction Scope
Instructions tell the agent to sync arbitrary local paths or URLs into a sandbox and to auto-download outputs to the local working directory. They also say generated media 'are synced to TOS' with no explanation. While these behaviors are plausible for a media tool, they create scope for unexpected data transfer (exfiltration) and for fetching untrusted remote resources. The doc claims command validation (ffmpeg/ffprobe/pandoc) but as an instruction-only skill there is no enforcement here — the platform or binary must implement that validation.
Install Mechanism
This is an instruction-only skill (no install spec), which is low-risk from a code-install perspective. However, omission of the required zerocut binary installation or a statement that the environment already includes it is surprising and reduces coherence.
!
Credentials
The skill requests no credentials or env vars, yet it mentions syncing outputs to 'TOS' (unspecified) and syncing resources from URLs. If the skill actually uploads to an external service it would typically need credentials or at least document the endpoint — the lack of declared credentials or explanation is disproportionate or missing information.
Persistence & Privilege
The skill does not request always: true, does not declare autonomous elevation, and has no install hooks. It appears to rely on the existing environment and does not demand persistent platform privileges.
What to consider before installing
Before installing or using this skill: 1) Ask the publisher (or check source/homepage) for the zerocut CLI binary location and installation steps — this skill assumes a binary but doesn't declare it. 2) Ask what 'TOS' refers to and where generated media are uploaded; do not proceed unless you trust that endpoint. 3) Avoid passing sensitive local files or credentials via --refs/--resources since the skill syncs files and may upload outputs. 4) If you must try it, run in an isolated environment (sandbox/container) and monitor network/file activity. 5) Prefer skills that publish source, a homepage, or explicitly list required binaries and any endpoints they contact.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97c03rz305j84b5es1xdy398n830j5r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

ZeroCut CLI Tools

Purpose

This skill provides a single reference for using ZeroCut CLI commands:

  • image generation
  • video generation
  • music generation
  • text-to-speech
  • ffmpeg sandbox execution
  • pandoc sandbox execution

When To Invoke

Invoke this skill when the user asks to:

  • generate image, video, music, or speech audio
  • run ffmpeg or ffprobe command in sandbox
  • run pandoc conversion in sandbox
  • sync local/remote resources into sandbox
  • save generated results to local output files

Command Reference

image

Default action: create

zerocut image --prompt "a cat on a bike" --output out.png
zerocut image create --prompt "a cat on a bike" --model seedream-5l --aspectRatio 1:1 --resolution 1K --refs ref1.png,ref2.jpg --output out.png

Options:

  • --prompt <prompt> required
  • --model <model>
  • --aspectRatio <ratio>
  • --resolution <resolution>
  • --refs <refs> comma-separated local paths or URLs
  • --output <file> save generated file

video

Default action: create

zerocut video --prompt "city night drive" --video vidu --duration 8 --output out.mp4
zerocut video create --prompt "city night drive" --video vidu --aspectRatio 1:1 --refs ref1.png,ref2.png --output out.mp4

Options:

  • --prompt <prompt> required
  • --video <model>
  • --duration <seconds>
  • --seed <seed>
  • --firstFrame <image>
  • --lastFrame <image>
  • --refs <assets>
  • --resolution <resolution>
  • --aspectRatio <ratio>
  • --withAudio
  • --optimizeCameraMotion
  • --output <file>

music

Default action: create

zerocut music --prompt "lofi beat" --output music.mp3
zerocut music create --prompt "lofi beat" --output music.mp3

Options:

  • --prompt <prompt> required
  • --output <file>

tts

Default action: create

zerocut tts --text "你好,欢迎使用 ZeroCut" --voiceId voice_xxx --output speech.mp3
zerocut tts create --prompt "calm tone" --text "Hello world" --voiceId voice_xxx --output speech.mp3

Options:

  • --prompt <prompt>
  • --text <text> required
  • --voiceId <voiceId>
  • --output <file>

ffmpeg

zerocut ffmpeg --args -i input.mp4 -vn output.mp3 --resources input.mp4
zerocut ffmpeg --args -i input.mp4 -vf scale=1280:720 output.mp4 --resources input.mp4

Options:

  • --args <args...> required, arguments appended after ffmpeg
  • --resources <resources...> optional, files/URLs to sync into sandbox materials

Behavior:

  • command is validated to only allow ffmpeg or ffprobe
  • for ffmpeg, -y is auto-injected when absent
  • output file is auto-downloaded from sandbox to local current directory

pandoc

zerocut pandoc --args input.md -o output.pdf --resources input.md
zerocut pandoc --args input.md --output=output.docx --resources input.md template.docx

Options:

  • --args <args...> required, arguments appended after pandoc
  • --resources <resources...> optional, files/URLs to sync into sandbox materials

Behavior:

  • command is validated to only allow pandoc
  • output file must be specified in args with -o, --output, or --output=...
  • output file is auto-downloaded from sandbox to local current directory

Output And Sync Rules

  • Media URLs from generation are synced to TOS when available.
  • --output saves files to an absolute path resolved from current working directory.
  • Missing parent directories for --output are created automatically.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…