Video Frames
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: video-frames Version: 1.0.0 The skill bundle is benign. The `SKILL.md` provides clear instructions for extracting video frames using `ffmpeg` and does not contain any prompt injection attempts against the AI agent. The `scripts/frame.sh` script correctly parses arguments, validates input, and executes `ffmpeg` commands with proper quoting, preventing shell injection. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or other high-risk behaviors. The functionality is clearly aligned with its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user or agent supplies an existing output path, that file may be overwritten.
The script intentionally invokes ffmpeg and uses -y, which overwrites the requested output file without prompting. This is purpose-aligned for frame extraction, but it affects local files.
ffmpeg -hide_banner -loglevel error -y ... "$out"
Use a deliberate output path, preferably in a temporary or project-specific directory, and avoid pointing --out at important existing files.