Douyin Download + Semantic Segmentation

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches its Douyin download/transcription purpose, but it under-discloses that semantic segmentation can send transcript text to MiniMax using an undeclared API key.

Before installing, assume the extract command may download media, create local files, upload audio to Silicon Flow, and, if MINIMAX_API_KEY is set, send transcript text to MiniMax. Use --no-segment or unset MINIMAX_API_KEY if you do not want that extra external provider involved.

Static analysis

Dangerous exec (Critical)

Finding: Shell command execution detected (child_process).

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may believe transcript segmentation stays inside OpenClaw when it can be sent to a third-party provider.

Why it was flagged

The user-facing documentation says segmentation uses OpenClaw's built-in LLM, but douyin.js defines and calls a MiniMax external API for segmentation. This changes the user's understanding of where transcript content goes.

Skill content
- ✂️ Semantic segmentation (calls OpenClaw's built-in LLM) ... automatically calls OpenClaw's built-in LLM to perform **natural semantic segmentation**
Recommendation

Update the documentation to clearly name MiniMax, explain what data is sent, and make external segmentation an explicit, well-disclosed choice.

What this means

If MINIMAX_API_KEY is present in the environment, the skill may use that account and quota without the user expecting it from the README or metadata.

Why it was flagged

The code can use a MiniMax API key, while the registry/SKILL requirements only disclose SILI_FLOW_API_KEY. This adds an undeclared credential and account authority.

Skill content
* - MINIMAX_API_KEY: MiniMax API key (used for the semantic segmentation feature) ... apiKey = process.env.MINIMAX_API_KEY;
Recommendation

Declare MINIMAX_API_KEY in metadata and SKILL.md, document the provider and scope, and avoid using it unless the user explicitly enables segmentation.

What this means

Private or sensitive speech transcriptions from a video could be shared with an additional external service.

Why it was flagged

The transcribed text is sent to MiniMax for chat completion-based segmentation. That external data boundary is not accurately disclosed in SKILL.md, which describes an OpenClaw built-in LLM.

Skill content
const MINIMAX_BASE_URL = 'https://api.minimaxi.com'; ... { role: "user", content: text } ... spawn('curl', [ ... '-d', JSON.stringify(data) ])
Recommendation

Clearly disclose all external providers, send only user-approved content, provide a default local/no-segment option, and document retention/privacy expectations.

What this means

The skill depends on local binaries and will execute them with the paths and API request data it constructs.

Why it was flagged

The skill runs local ffmpeg and curl subprocesses. This is expected for media extraction and provider API calls, and the code uses argument arrays rather than shell string execution, but it is still local command execution.

Skill content
const proc = spawn('ffmpeg', args); ... const proc = spawn('curl', [
Recommendation

Use trusted ffmpeg/curl binaries, keep output paths scoped, and consider replacing curl subprocess calls with native HTTPS requests to reduce command-line credential exposure.