DD Video Analyzer

Type: OpenClaw Skill Name: dd-video-analyzer Version: 1.0.0 The skill bundle provides legitimate video transcription and analysis functionality but contains shell injection vulnerabilities in `scripts/analyze.sh`. The script passes the `$URL` and `$OUTPUT_DIR` arguments directly to shell commands (yt-dlp, ffmpeg, and mkdir) without sufficient sanitization, which could lead to arbitrary command execution if the AI agent is provided with a crafted input. While the behavior aligns with the stated purpose, the lack of input validation in a script intended for AI-automated execution poses a significant security risk.