Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AI MEDIAKIT VIDEO EDIT

v1.0.2

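AI intelligent video editing Skill. Takes video file paths (multiple supported), an optional danmaku (bullet-comment) file path, and an optional subtitle file path as input. It uses the danmaku and subtitle content to understand the video's context and, based on the user's editing request (e.g. "extract all the highlight moments", "cut out the part explaining xxx"), automatically extracts the matching time ranges, concatenates them, adds transition effects, and finally composes the output video with FFmpeg. When the user mentions "video editing", "based on danmaku...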

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill is a local video-editing pipeline that analyzes danmaku/subtitle files and uses ffmpeg and Remotion (Node) to render effects and produce output videos. The provided Python and Node files implement the described functionality. Required tools (python, node, ffmpeg/ffprobe) are exactly those needed for the declared tasks; no unrelated credentials or services are requested.
Instruction Scope
SKILL.md instructs the agent to verify/require python, ffmpeg/ffprobe, and node, and to run npm install inside the included template if node_modules is missing. At runtime the code reads user-supplied video, danmaku, and subtitle files and writes output video files. There are no instructions to read unrelated system files or to send data to external endpoints beyond package installation and Remotion bundling. The skill does use ORIGINAL_CWD when resolving relative output paths — outputs may be written relative to that directory.
Install Mechanism
There is no platform install spec — the skill is instruction-only. SKILL.md suggests running `npm install` in the template directory to fetch Remotion and other dependencies (package.json is included). npm install will fetch packages from the public registry and can run install scripts; this is expected for this kind of template but is a supply-chain risk to be aware of. No remote payload downloads or obscure URLs are embedded in the package files themselves.
Credentials
The skill declares no required environment variables or credentials. The code optionally reads REMOTION_SERVE_URL (to reuse an existing Remotion server) and ORIGINAL_CWD (to resolve relative outputs), both reasonable for its operation. No secrets or unrelated environment access is requested.
Persistence & Privilege
The skill does not request permanent/always-on presence (always: false). It does not modify other skills or system-wide settings. It will write output files and temporary files in paths supplied by the user or derived from ORIGINAL_CWD, which is normal for a local video processing tool.
Assessment
This package appears coherent for intelligent video editing: it analyzes subtitles/danmaku, cuts clips with ffmpeg, and renders Remotion effects via Node. Before running: (1) ensure you trust and review the included package.json (template dependencies) because `npm install` will download packages and may run install scripts; consider running it in an isolated environment or using `--ignore-scripts` if you only need JS sources. (2) Confirm ffmpeg/ffprobe and Python/Node versions are from trusted sources. (3) Note the scripts read any file paths you pass and will write outputs relative to ORIGINAL_CWD or the paths you specify—avoid passing sensitive files or paths you don't want overwritten. (4) If you need higher assurance, inspect template package versions and the installed node_modules before running rendering.

Like a lobster shell, security has layers — review code before you run it.
