Skill v1.0.0
ClawScan security
Product Demo Video Creator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 7:45 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to do what it claims (record browser demos with TTS, overlays, and FFmpeg) and its files align with that purpose, but there are several operational and safety concerns you should review before running it.
- Guidance: This skill is coherent with its stated purpose, but take these precautions before running:
  - Inspect and (if needed) edit SCENES in scripts/record-demo.mjs so they only point to public pages you control; do NOT point it to authenticated or private pages unless you understand the privacy risk (screenshots capture page content).
  - Review any narration or scene id content before running; the script uses execSync with string commands (edge-tts, ffmpeg, ffprobe). Avoid untrusted text that could include shell metacharacters. Prefer running the script manually in a sandbox first.
  - Be careful running scripts/install-deps.sh: it downloads an FFmpeg static build and copies binaries to /usr/local/bin (requires elevated privileges). Consider installing dependencies through your package manager or verifying the downloaded archive before copying.
  - Expect edge-tts to contact Microsoft servers (network activity). If offline or privacy-sensitive, do not generate TTS there.
  - Run the whole workflow in an isolated environment (VM/container) or non-production machine until you're comfortable.

  If you plan to adapt the code, consider replacing execSync string commands with child_process spawn/execFile and validated argument lists to avoid shell injection. If you want, I can point out the specific lines in record-demo.mjs that are highest risk and suggest safer code changes.
Review Dimensions
- Purpose & Capability (ok): Name, description, and included files (Puppeteer script, edge-tts usage, PIL overlay generation, FFmpeg commands) match the stated goal of creating product demo videos; no unrelated credentials, config paths, or services are requested.
- Instruction Scope (note): SKILL.md and record-demo.mjs instruct the agent to visit arbitrary URLs and screenshot them, generate TTS via edge-tts (calls Microsoft servers), run FFmpeg/ffprobe, and create overlay images with a generated Python script. This stays within the stated purpose, but there are noteworthy runtime behaviors: the tool will capture screenshots of any provided URL (including authenticated/private pages if pointed there), and it invokes external network services (edge-tts). The code uses execSync with shell-interpolated strings (narration, filenames, ids), which can lead to command-injection risks if scene IDs or narration text are untrusted.
- Install Mechanism (note): There is no platform-level install spec, but an included scripts/install-deps.sh downloads an FFmpeg static build from johnvansickle.com (a common FFmpeg static source) and copies binaries to /usr/local/bin. The script also uses apt/dnf package installs and pip installs. Downloading and extracting an archive and copying into /usr/local/bin is invasive and will require elevated privileges; the curl+tar approach is higher risk than using a package manager, but the upstream source is known.
- Credentials (ok): The skill does not request environment variables or credentials, and the code does not read secret env vars. The only external services used are Microsoft TTS via edge-tts and standard utilities (ffmpeg, chromium).
- Persistence & Privilege (note): always:false and no special agent permissions requested. The install script writes system-wide binaries (/usr/local/bin) and installs fonts/packages; running that script will require sudo/root on many systems. The skill does not attempt to modify other skills or agent configurations.
