volcengine-ai-mediakit Security Report — Trusted | ClawSafe

0 /100

volcengine-ai-mediakit

火山引擎 AI MediaKit 音视频处理 Skill - Video/audio processing via Volcengine VOD APIs

Volcengine AI MediaKit skill is a legitimate video/audio processing tool that makes standard API calls to Volcengine VOD services with no malicious behavior detected.

Skill Namevolcengine-ai-mediakit

Duration66.1s

Enginepi

✓

Safe to install

This skill is safe to use. Continue following standard security practices with credential management.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	upload_media.py:40 - Only reads files from workspace/, userdata/, /tmp with expl…
Network	`WRITE`	`WRITE`	✓ Aligned	All requests go to vod.volcengineapi.com and Volcengine TOS storage endpoints
Shell	`NONE`	`NONE`	—	No subprocess or shell execution found
Environment	`READ`	`READ`	✓ Aligned	Only reads VOLCENGINE_* credential variables for API auth
Skill Invoke	`READ`	`READ`	✓ Aligned	Standard skill invocation pattern
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

15 findings

🔗

Medium External URL 外部 URL

https://www.volcengine.com/docs/4/76542?lang=zh

references/00-billing-instructions.md:5

🔗

Medium External URL 外部 URL

https://www.volcengine.com/docs/4/1941016?lang=zh

references/00-billing-instructions.md:7

🔗

Medium External URL 外部 URL

https://www.volcengine.com/docs/4/1941013?lang=zh

references/00-billing-instructions.md:8

🔗

Medium External URL 外部 URL

https://www.volcengine.com/docs/4/177122

references/00-billing-instructions.md:10

🔗

Medium External URL 外部 URL

https://www.volcengine.com/docs/4/1941015?lang=zh

references/00-billing-instructions.md:10

🔗

Medium External URL 外部 URL

https://www.volcengine.com/docs/4/76542?lang=zh#%E5%AD%98%E5%82%A8%E6%B5%81%E5%87%BA

references/00-billing-instructions.md:11

🔗

Medium External URL 外部 URL

https://cdn.example.com/output.mp4

references/01-stitching.md:48

🔗

Medium External URL 外部 URL

https://cdn.example.com/output.m4a

references/07-extract-audio.md:22

🔗

Medium External URL 外部 URL

https://cdn.example.com/voice.m4a

references/10-voice-separation.md:23

🔗

Medium External URL 外部 URL

https://cdn.example.com/bg.m4a

references/10-voice-separation.md:24

🔗

Medium External URL 外部 URL

https://cdn.example.com/segment_001.mp4

references/19-intelligent-slicing.md:24

🔗

Medium External URL 外部 URL

https://cdn.example.com/output.webm

references/20-portrait-matting.md:24

🔗

Medium External URL 外部 URL

https://xxx.volcvod.com/xxx.mp4

references/22-comic-style.md:58

🔗

Medium External URL 外部 URL

https://www.volcengine.com/docs/4/1941013#%E8%A7%86%E9%A2%91-ai-%E5%BA%94%E7%94%A8

references/24-video-translation.md:73

🔗

Medium External URL 外部 URL

https://cdn.example.com/xxx/video.mp4?auth=xxx

references/27-get-media-info.md:41

File Tree

69 files · 237.3 KB · 6859 lines

Python 38f · 4574L Markdown 30f · 2268L Text 1f · 17L

├─ ▾ 📁 references

│ ├─ 📝 00-billing-instructions.md Markdown 10L · 1.5 KB

│ ├─ 📝 00-detail.md Markdown 8L · 715 B

│ ├─ 📝 01-stitching.md Markdown 67L · 1.8 KB

│ ├─ 📝 02-clipping.md Markdown 39L · 995 B

│ ├─ 📝 03-flip.md Markdown 38L · 932 B

│ ├─ 📝 04-speedup.md Markdown 55L · 1.1 KB

│ ├─ 📝 05-image-to-video.md Markdown 53L · 1.7 KB

│ ├─ 📝 06-compile.md Markdown 51L · 1.6 KB

│ ├─ 📝 07-extract-audio.md Markdown 33L · 686 B

│ ├─ 📝 08-mix-audios.md Markdown 43L · 943 B

│ ├─ 📝 09-add-sub-video.md Markdown 54L · 1.9 KB

│ ├─ 📝 10-voice-separation.md Markdown 48L · 1.3 KB

│ ├─ 📝 11-noise-reduction.md Markdown 44L · 1.1 KB

│ ├─ 📝 12-quality-enhance.md Markdown 40L · 1004 B

│ ├─ 📝 13-super-resolution.md Markdown 63L · 1.5 KB

│ ├─ 📝 14-interlacing.md Markdown 41L · 1023 B

│ ├─ 📝 15-asr-speech-to-text.md Markdown 73L · 1.7 KB

│ ├─ 📝 16-ocr-text-extract.md Markdown 39L · 845 B

│ ├─ 📝 17-subtitle-removal.md Markdown 39L · 888 B

│ ├─ 📝 18-add-subtitle.md Markdown 85L · 2.9 KB

│ ├─ 📝 19-intelligent-slicing.md Markdown 40L · 1.2 KB

│ ├─ 📝 20-portrait-matting.md Markdown 40L · 1.0 KB

│ ├─ 📝 21-green-screen.md Markdown 40L · 1010 B

│ ├─ 📝 22-comic-style.md Markdown 99L · 2.5 KB

│ ├─ 📝 23-highlight.md Markdown 143L · 3.6 KB

│ ├─ 📝 24-video-translation.md Markdown 287L · 9.6 KB

│ ├─ 📝 25-drama-recap.md Markdown 238L · 7.4 KB

│ ├─ 📝 26-drama-script.md Markdown 148L · 4.3 KB

│ └─ 📝 27-get-media-info.md Markdown 52L · 1.5 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 add_subtitle.py Python 50L · 1.5 KB

│ ├─ 🐍 api_manage.py Python 1161L · 50.2 KB

│ ├─ 🐍 asr_speech_to_text.py Python 42L · 1.1 KB

│ ├─ 🐍 clipping.py Python 38L · 1.0 KB

│ ├─ 🐍 comic_style.py Python 153L · 5.3 KB

│ ├─ 🐍 compile.py Python 42L · 1.4 KB

│ ├─ 🐍 drama_recap.py Python 276L · 11.0 KB

│ ├─ 🐍 drama_script.py Python 184L · 6.3 KB

│ ├─ 🐍 extract_audio.py Python 35L · 945 B

│ ├─ 🐍 flip.py Python 32L · 852 B

│ ├─ 🐍 get_media_info.py Python 114L · 3.6 KB

│ ├─ 🐍 green_screen.py Python 45L · 1.2 KB

│ ├─ 🐍 highlight.py Python 140L · 4.6 KB

│ ├─ 🐍 image_to_video.py Python 40L · 1.2 KB

│ ├─ 🐍 intelligent_slicing.py Python 43L · 1.2 KB

│ ├─ 🐍 interlacing.py Python 50L · 1.4 KB

│ ├─ 🐍 list_translation.py Python 133L · 3.9 KB

│ ├─ 🐍 log_utils.py Python 29L · 849 B

│ ├─ 🐍 mix_audios.py Python 32L · 884 B

│ ├─ 🐍 noise_reduction.py Python 40L · 1.0 KB

│ ├─ 🐍 ocr_text_extract.py Python 37L · 930 B

│ ├─ 🐍 poll_media.py Python 31L · 923 B

│ ├─ 🐍 poll_translation.py Python 102L · 2.6 KB

│ ├─ 🐍 poll_vcreative.py Python 24L · 652 B

│ ├─ 🐍 portrait_matting.py Python 45L · 1.3 KB

│ ├─ 🐍 quality_enhance.py Python 43L · 1.2 KB

│ ├─ 🐍 speedup.py Python 48L · 1.4 KB

│ ├─ 🐍 stitching.py Python 41L · 1.3 KB

│ ├─ 🐍 subtitle_removal.py Python 41L · 1.1 KB

│ ├─ 🐍 super_resolution.py Python 58L · 1.9 KB

│ ├─ 🐍 upload_media.py Python 206L · 6.5 KB

│ ├─ 🐍 video_translation.py Python 362L · 13.8 KB

│ ├─ 🐍 vod_api_constants.py Python 43L · 1.8 KB

│ ├─ 🐍 vod_common.py Python 108L · 4.4 KB

│ ├─ 🐍 vod_local_upload.py Python 421L · 17.5 KB

│ ├─ 🐍 vod_transport.py Python 124L · 4.2 KB

│ ├─ 🐍 voice_separation.py Python 37L · 968 B

│ └─ 🐍 volc_request.py Python 124L · 4.0 KB

├─ 📄 LICENSE.txt Text 17L · 879 B

└─ 📝 SKILL.md Markdown 258L · 12.7 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`requests`	`*`	pip	No	Version not pinned - consider pinning for reproducibility
`python-dotenv`	`*`	pip	No	Version not pinned - consider pinning for reproducibility

Security Positives

✓ No shell execution vectors (subprocess, os.system, popen, exec, eval, base64)

✓ No credential harvesting beyond documented Volcengine API keys

✓ No sensitive path access (no ~/.ssh, ~/.aws, .env exfiltration)

✓ No data exfiltration to third-party endpoints

✓ All network requests target official Volcengine VOD APIs only

✓ File upload has explicit path whitelist validation (workspace/, userdata/, /tmp)

✓ Comprehensive SKILL.md documentation matching implementation

✓ No hidden instructions, obfuscation, or concealed behavior

✓ Proper HMAC signature authentication for API requests

✓ No eval() or dynamic code execution

Scan Report

File Tree

Dependencies 2 items

Security Positives