Skill v1.0.0

ClawScan security

视频日语字幕 (Video Japanese Subtitles) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 25, 2026, 10:56 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill largely matches its stated subtitle-translation purpose, but the shipped script contains hardcoded paths and a bearer token (QCLAW_TOKEN) and lacks declared credential requirements; these inconsistencies raise red flags and merit manual review before use.

Guidance
Do not run this script uninspected. Specific things to check or change before use:
- Remove or rotate the hardcoded QCLAW_TOKEN; ideally provide the gateway URL and token via environment variables (and the skill metadata should declare them).
- Verify QCLAW_GATEWAY is indeed a trusted local service (default is http://127.0.0.1:28789). If you point it to a remote HTTP endpoint, your subtitle text and token will be sent in cleartext.
- Update the hardcoded filesystem paths (VIDEO_DIR, OUTPUT_DIR, FFMPEG_DIR) to match your environment or allow configuration via env vars/CLI arguments.
- Confirm the ffmpeg binary path is valid; the script forces a process PATH change (only for the process), which is generally OK but indicates author-specific setup.
- The script imports 'whisper' (openai-whisper) but comments mention faster-whisper; confirm which dependency you want and install accordingly.
- Prefer that the skill declare required credentials (QCLAW_TOKEN) in metadata instead of embedding secrets in code.
If you cannot validate the gateway and token, treat the token as compromised and avoid using it. If you want, I can produce a safer version of the script that reads gateway and token from environment variables, removes author-specific paths, and documents required env vars for the registry.

Review Dimensions

Purpose & Capability
Rating: ok
Name/description match the implementation: the code extracts audio, runs Whisper transcription, sends batches to an LLM gateway for translation, converts SRT to ASS, and uses ffmpeg to burn subtitles. Using a local LLM gateway, Whisper, and ffmpeg is coherent with the stated purpose.

Instruction Scope
Rating: concern
SKILL.md and the script instruct the agent to run a local Python script that reads videos from a specified directory and POSTs subtitle text to an LLM gateway. The script modifies PATH and uses hardcoded absolute paths (e.g., D:\Users\liket..., E:\ffmpeg\...), and contains an embedded QClaw token. The runtime behavior is narrowly scoped to video files, but the embedded token and hardcoded paths grant more implicit access than the SKILL metadata declares (no required credentials listed).

Install Mechanism
Rating: ok
No install spec; instruction-only with a Python script. No remote downloads or archive extraction. This is lower install risk, but the shipped script will execute on the host if run.

Credentials
Rating: concern
Registry metadata lists no required env vars or credentials, yet the script includes a hardcoded QCLAW_TOKEN and a gateway URL constant. Embedding a bearer token in published code is disproportionate and risky. The script also hardcodes user-specific filesystem paths and a specific ffmpeg path, which is unusual for a generic skill and may leak user-specific configuration if reused verbatim.

Persistence & Privilege
Rating: ok
The skill is not always-on and does not request special platform privileges. It only modifies its process PATH variable at runtime and writes output files to an output directory. It does not modify other skills or system-wide configs.