Xeon Smartupscale
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may run third-party code from PyPI, PyPA, and a static ffmpeg provider on the local machine.
The installer may execute downloaded pip bootstrap code, install some unpinned Python dependencies, and download a static ffmpeg archive without an artifact-shown checksum. This is expected for a video-processing skill but introduces normal dependency provenance risk.
curl -sSL https://bootstrap.pypa.io/get-pip.py | python ... python -m pip install "openvino==2025.2.0" numpy opencv-python-headless ... curl -sSL https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
Install only from a trusted environment, prefer system ffmpeg when available, and consider adding pinned dependency versions and checksum verification for downloaded archives.