Is ffmpeg-video-editor safe?

https://clawhub.ai/MahmoudAdelbghany/ffmpeg-video-editor

85
SAFE

This is a benign FFmpeg command reference skill that contains no malicious code, no external dependencies, no hidden instructions, and no data exfiltration vectors. Its only risk surface is inherent to its purpose: generating shell commands for video processing. The mandatory -y (overwrite) flag and auto-generated filenames create a minor risk of accidental file overwrites. The filesystem monitoring shows only platform-level activity with no network connections or canary file tampering.

Category Scores

Prompt Injection 82/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 72/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (7)

MEDIUM Mandatory overwrite flag bypasses user confirmation -10

The skill instructs the agent to 'Always include -y (overwrite)' on every ffmpeg command. The -y flag causes ffmpeg to overwrite output files without asking for confirmation. This means if a user's existing file matches the auto-generated output name (e.g., video_trimmed.mp4), it will be silently overwritten.

LOW Persona assignment overrides default agent behavior -8

The skill assigns a persona ('You are a video editing assistant') which modifies the agent's self-concept. This is standard practice for skills but is noted as it changes how the agent responds to user requests.

MEDIUM Shell command generation is the skill's core function -20

The entire skill is designed to generate ffmpeg shell commands for execution. While this is the stated purpose and all commands are legitimate ffmpeg operations, it creates a shell execution surface. Malformed or adversarial user input could potentially lead to command injection if the agent does not properly quote/escape filenames, though the skill's templates do use double-quoted filenames.

LOW Concat feature instructs agent to create intermediate files -8

The merge/concatenate feature instructs the agent to first create a text file (files.txt) listing video paths, then pass it to ffmpeg. This file creation step is beyond simple command execution, though it is standard ffmpeg concatenation workflow.

LOW AWS credentials and .env files accessed during install -8

During the clone/install phase, the monitoring detected access to /home/oc-exec/.aws/credentials and /home/oc-exec/.env. This appears to be platform-level behavior (OpenClaw installer) rather than skill-initiated, as no network connections were made and canary files remained intact. However, it is noted for completeness.

INFO No exfiltration vectors detected -5

The skill contains no instructions to read sensitive files, contact external services, or encode data for transmission. All operations are local file transformations.

LOW Auto-generated filenames could cause accidental overwrites -30

The skill instructs the agent to auto-generate output filenames (e.g., video_trimmed.mp4, video_compressed.mp4) when the user doesn't specify one. Combined with the mandatory -y flag, this creates a risk of silently overwriting existing files with common names.