Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Media Analyzer

v1.0.0

Analyze local or online audio and video files to extract detailed media metadata, audio features, video frames, and waveform visualizations.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name and description match the included shell script which uses ffprobe/ffmpeg to extract metadata, frames and waveforms. Minor inconsistency: registry metadata lists no required binaries, but SKILL.md and the script clearly require ffmpeg/ffprobe.
Instruction Scope
SKILL.md and the script operate on local file paths (and will accept URLs only to the extent ffmpeg/ffprobe support them). Instructions do not reference unrelated files, environment variables, or external endpoints, and the script does not attempt to collect or transmit data beyond writing output images/JSON locally.
Install Mechanism
No install spec; the skill is instruction-only with an included shell script. No downloads or archives are fetched at install time.
Credentials
No environment variables, credentials, or config paths are requested. This is proportionate for a local media processing tool.
Persistence & Privilege
always is false; the skill does not request persistent or elevated privileges, nor does it modify other skills or system configuration.
Assessment
This skill appears to be a straightforward ffmpeg/ffprobe-based media analysis helper. Before installing:
1) Be aware you must have ffmpeg/ffprobe installed from a trusted source; the registry metadata didn't declare binaries but SKILL.md and the script require them.
2) The tool operates on local files (batch mode will iterate every file in a directory), so avoid pointing it at directories containing sensitive data unless you trust the outputs.
3) The script parses ffprobe JSON using grep/cut (fragile but not malicious); test on non-critical files first.
4) If you need explicit network behavior (download remote media), confirm with the author whether that is supported and safe.
Running the script in a sandbox or with non-sensitive sample files is a good precaution.

Like a lobster shell, security has layers — review code before you run it.

latest: vk970gyfqa4q5w7c8gq3djqnx1s833c61
