Skill v1.4.0
ClawScan security
PPT to Video(汇报视频生成) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 10, 2026, 10:23 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely does what it says (generate videos from PPT+materials), but its runtime instructions and code include broad filesystem scanning/copying and shell command execution (execSync) plus a hard-coded user path — these behaviors increase risk and deserve careful review before use.
- Guidance: This skill appears to implement PPT→video generation as advertised, but review and take precautions before running:
  - Inspect generate.js for any places it constructs shell commands (execSync) using filenames. If filenames are interpolated into shell commands without sanitization, they can cause command injection; prefer commands invoked with argv arrays.
  - Don't run the tool pointed at your entire home or repository root — the script recursively scans and copies .md/.pptx/.pdf/.txt files and will therefore gather unrelated or sensitive documents. Point it only at a trusted folder.
  - Change the default OUTPUT_BASE or supply --output to avoid writing into the hard-coded /home/Vincent/... path left in the script.
  - Understand that edge-tts is a network TTS client: your text will likely be sent to external TTS services (Microsoft Edge TTS) for synthesis. If content is confidential, use an offline TTS engine or review the TTS client behavior.
  - Run the skill in an isolated environment (container/VM) the first time, and confirm the external commands it invokes (libreoffice, pdftotext, ffmpeg) are the expected ones.
  
  If you need a deeper audit, provide the full generate.js (untruncated) so execSync usages and any network calls can be inspected.
Review Dimensions
- Purpose & Capability (note): Name/description match the shipped code and instructions: the scripts collect slides and markdown, perform matching, call TTS and ffmpeg/LibreOffice for screenshots and composition. However the code embeds a hard-coded OUTPUT_BASE (/home/Vincent/.openclaw/...) and SKILL.md examples reference that same local path, which is unrelated to the general purpose and indicates the package was packaged from a specific developer environment without sanitization.
- Instruction Scope (concern): SKILL.md and generate.js instruct the agent to recursively scan arbitrary input directories (and 'note' folders), copy matched files into a temporary project folder, and run external tools. That scanning/copying can pick up unrelated or sensitive files if the user points the skill at a large project or home directory. The instructions also instruct installing and using edge-tts (network TTS) and running local binaries (libreoffice, pdftoppm, ffmpeg). This broad file access is within the apparent goal but is expansively scoped and may be surprising to non-technical users.
- Install Mechanism (ok): No install spec is provided (instruction-only), and the SKILL.md lists standard native dependencies (node, pip edge-tts, ffmpeg, LibreOffice, poppler-utils, ImageMagick). Nothing is downloaded from an untrusted URL in the manifest. Risk is from executing local commands, not from an installer.
- Credentials (note): The skill requests no environment variables or credentials. However it depends on edge-tts (a network TTS client) which will contact external TTS services — the SKILL.md does not call this out as sending content to remote servers. The code will copy arbitrary files into the temp project and write output to a default hard-coded home path unless overridden; that file I/O is expected but may expose data if outputs are later shared.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request special platform privileges. It creates temp project folders and writes outputs to disk (normal for this type of tool). There is no evidence it modifies other skills or global agent configuration.
