FFBox
v0.1.5-3-003FFBox multimedia transcoding tool integration. FFmpeg-based GUI for video/audio/image format conversion, compression, filtering, batch media processing with...
⭐ 0· 121·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (FFBox integration) matches the runtime instructions: all examples and API calls target the FFBox HTTP API (default localhost:33269) and FFmpeg. The skill does not request unrelated credentials or system-wide installs.
Instruction Scope
SKILL.md instructs the agent to query the local FFBox API, create tasks, start queues, and (optionally, with user consent) run a webhook listener or cron polling. These are within the stated purpose, but creating network listeners, scheduling cron jobs, and sending notifications via an external CLI are privileged actions that require explicit user approval. The doc warns about asking permission and not uploading files without consent, but some instructions (e.g., 'traverse reading all filenames' and creation of listeners) are permissive/ambiguous and could lead to broader file access or opening ports if not constrained by the user.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. Nothing will be written to disk by the skill package itself, which is the lowest install risk.
Credentials
The skill declares no environment variables or credentials. However, the API docs mention optional Bearer token auth if FFBox is exposed, and the instructions reference invoking an external messaging CLI (openclaw message send) without declaring it as a required binary. Users should ensure any external tooling (PowerShell, openclaw CLI, or other messenger integrations) is present and permitted before the agent attempts to use it.
Persistence & Privilege
Skill flags do not request always-on or elevated platform privileges. The instructions propose creating transient webhook listeners or cron jobs only with user consent; those would be user-initiated actions rather than an always-enabled skill footprint.
Assessment
This skill appears to be a legitimate integration guide for a local FFBox service, but before installing or using it: (1) Confirm FFBox is actually installed locally and that you intend to expose its API; (2) Do not allow the agent to upload files to remote hosts or open network listeners unless you explicitly trust the target and understand firewall implications; (3) If the agent proposes to send notifications via a third-party CLI (example: openclaw), verify that CLI is installed and that you want it invoked; (4) Be cautious about granting permission to scan directories—limit operations to explicit file paths you approve; (5) If FFBox is configured with authentication, supply tokens only when necessary and consider ephemeral tokens; (6) Because the skill source and homepage are unknown, prefer manual verification of any scripts the agent proposes to run (review code before starting listeners or creating cron jobs).Like a lobster shell, security has layers — review code before you run it.
alphavk971p12n72n55vt5a2kvha9rg583cpwmlatestvk971p12n72n55vt5a2kvha9rg583cpwm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.