Skills
skills/nkchivas/openclaw-skill-video-frames/video-frames/Gen Agent Trust Hub

video-frames

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/frame.sh executes the ffmpeg utility to perform video frame extraction. It uses variables derived from command-line arguments to specify the input file, output path, and frame selection parameters.
  • [EXTERNAL_DOWNLOADS]: The skill's metadata in SKILL.md identifies ffmpeg as a dependency and provides installation instructions using the Homebrew (brew) package manager, which is a well-known and trusted service.
  • [PROMPT_INJECTION]: The skill processes external data (video files and parameters) which constitutes an indirect injection surface.
  • Ingestion points: The scripts/frame.sh script accepts file paths and selection parameters (--time, --index) as inputs from the agent's context.
  • Boundary markers: No specific delimiters or instructions are used within the script to separate data from commands.
  • Capability inventory: The skill performs subprocess execution of the ffmpeg binary which has extensive capabilities for file and network access.
  • Sanitization: The script checks for the existence of the input file but does not perform validation or sanitization on the selection parameters before they are passed to the ffmpeg command or filtergraph.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 03:37 PM