Xeon Smartupscale

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: xeon-smartupscale
Version: 0.1.0

The skill bundle provides a video upscaling pipeline using OpenVINO, but the `install.sh` script employs high-risk patterns including bootstrapping `pip` via `curl | python` from `bootstrap.pypa.io` and downloading static `ffmpeg` binaries from a third-party site (`johnvansickle.com`). Furthermore, `SKILL.md` contains anomalous `echo` command fragments (e.g., `echo "--- created ---"`) interspersed with instructions, which could be interpreted as a messy prompt-injection attempt or a generation artifact. While the core logic in `smartupscale.sh` and `sr_video_ov.py` appears aligned with the stated purpose, the combination of remote execution during installation and irregular markdown instructions warrants a suspicious classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill may run third-party code from PyPI, PyPA, and a static ffmpeg provider on the local machine.

Why it was flagged

The installer may execute downloaded pip bootstrap code, install some unpinned Python dependencies, and download a static ffmpeg archive without an artifact-shown checksum. This is expected for a video-processing skill but introduces normal dependency provenance risk.

Skill content

```
curl -sSL https://bootstrap.pypa.io/get-pip.py | python
...
python -m pip install "openvino==2025.2.0" numpy opencv-python-headless
...
curl -sSL https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
```

Recommendation

Install only from a trusted environment, prefer system ffmpeg when available, and consider adding pinned dependency versions and checksum verification for downloaded archives.