Skill v1.0.1

ClawScan security

Byted Las Long Video Understand · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 7:36 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill's documentation and scripts largely match its stated purpose (audio extraction + splitting) but contain several unexplained or risky elements—undeclared required credentials/binaries and a runtime pip install from a remote URL—that make the package's behavior disproportionate and worth closer review before installation.

Guidance
This skill appears to do what it says (extract/split audio) but has a few red flags you should address before running it:
1) Confirm and require the SKILL metadata to declare LAS_API_KEY and any VOLCENGINE_* keys (the SKILL.md expects them but the registry shows none).
2) Inspect the remote wheel and manifest URLs (https://las-ai-cn-beijing-online.tos-cn-beijing.volces.com/...) and ask for a checksum or official release link (prefer GitHub releases or PyPI over an opaque host).
3) Be cautious about storing keys in env.sh in working directories—prefer passing credentials via secure vaults or ephemeral prompts.
4) Note the scripts call ffprobe and lasutil; ensure those binaries are available and legitimate.
5) If you will run this in a production environment, run it first in an isolated sandbox where pip-installed remote code cannot access sensitive systems.
If the skill author can provide: (a) an explicit list of required env vars and binaries in the registry metadata, (b) a signed/checked URL or hash for the wheel, or (c) a vetted install from PyPI/GitHub, your confidence in installing it would increase.

Review Dimensions

Purpose & Capability
concern: The SKILL.md requires LAS_API_KEY (and may require VOLCENGINE_ACCESS_KEY/VOLCENGINE_SECRET when downloading results) and expects lasutil/ffprobe, but the registry metadata lists no required env vars or binaries. Asking for cloud credentials (VOLCENGINE_*) and using a TOS upload flow is consistent with a Volcengine LAS integration, but the skill manifest did not declare these requirements—this mismatch is incoherent and surprising to an installer.
Instruction Scope
note: Instructions are prescriptive and stay within the stated task (check keys, optionally upload local files to TOS, estimate cost, call lasutil process, present results). However, they also instruct creating/reading an env.sh in the current directory for keys and sourcing scripts that will fetch and install remote SDK code. The agent is instructed to request missing credentials from the user (expected) but also to read local env files and to run remote-updating logic—this expands the skill's runtime scope beyond simple API calls.
Install Mechanism
concern: No formal install spec is provided, but scripts/env_init.sh will curl a remote manifest and then pip install a wheel from https://las-ai-cn-beijing-online.tos-cn-beijing.volces.com/... (non-PyPI host). That causes execution of code fetched at runtime from a third-party URL (not a well-known, reviewed release host). This is higher risk than an instruction-only skill that uses only preinstalled binaries.
Credentials
concern: SKILL.md requires LAS_API_KEY (explicit) and may require VOLCENGINE_ACCESS_KEY/VOLCENGINE_SECRET for certain flows, yet the registry lists no required environment variables. The skill also encourages storing an API key in env.sh in the working directory. Requesting cloud API keys for uploading results is plausible for this purpose, but the omission from metadata plus instructions to create/read local env files (which may contain secrets) is disproportionate/unexpected and should be explicitly called out to users.
Persistence & Privilege
ok: always is false and the skill does not request permanent platform-wide privileges. It creates a virtualenv in the project root or current directory and may install an SDK into that environment at runtime; it does not claim to modify other skills or system-wide agent settings.