mp4-to-mp3-extractor Security Report — Low Risk | ClawSafe

25 /100

mp4-to-mp3-extractor

批量将指定目录下的 .mp4 视频文件提取为 .mp3 音频文件

A legitimate MP4-to-MP3 converter with undocumented dynamic package installation and unpinned dependencies, but no malicious behavior detected.

Skill Namemp4-to-mp3-extractor

Duration58.1s

Enginepi

✓

Safe to install

Declare subprocess/shell:WRITE in SKILL.md permissions, pin all dependency versions, and document the ffmpeg auto-download and venv creation behaviors.

Findings 5 items

Severity	Finding	Location
Medium	Undeclared subprocess usage Doc Mismatch SKILL.md declares only python bin requirement but code uses subprocess for ffmpeg, pip, and venv management. shell:WRITE permission is missing from declarations. `requires: bins: - python` → Update SKILL.md to declare subprocess/shell:WRITE for ffmpeg execution, pip installs, and venv creation	`SKILL.md:1`
Medium	Undocumented dynamic package installation Doc Mismatch ensure_package.py auto-installs tqdm, ffmpeg-downloader, and pydub without user consent, version pinning, or documentation. This modifies the execution environment silently. `ensure_package.pip("tqdm", "tqdm")` → Document dynamic package installation behavior or pre-install dependencies in a requirements.txt	`scripts/extract.py:17`
Medium	Unpinned dependencies with third-party mirror Supply Chain All pip packages installed without version constraints from https://pypi.tuna.tsinghua.edu.cn/simple mirror. This enables dependency confusion attacks. `-i, https://pypi.tuna.tsinghua.edu.cn/simple` → Pin all dependency versions (e.g., tqdm==4.66.0) and prefer official PyPI	`scripts/ensure_package.py:50`
Low	Undeclared ffmpeg binary download Doc Mismatch ensure_ffmpeg() downloads ffmpeg binaries (~100-200MB) from third-party sites (gyan.dev, johnvansickle, evermeet) via ffdl install with interactive 'Y' input, not mentioned in docs. `subprocess.run(["ffdl", "install"], input="Y\n")` → Document the automatic ffmpeg download or require users to pre-install it	`scripts/extract.py:40`
Low	Undeclared virtual environment creation Doc Mismatch env_manager.py creates a venv at SKILL_ROOT/../../venv (outside skill directory) without documentation. This modifies system state beyond the skill directory. `VENV_DIR = _BASE_PATH.parent.parent.parent / "venv"` → Document venv location or make it configurable within the skill directory	`scripts/config.py:22`

Resource	Declared	Inferred	Status	Evidence
Shell	`NONE`	`WRITE`	✗ Violation	scripts/extract.py:41-50 subprocess.run for ffmpeg
Shell	`NONE`	`WRITE`	✗ Violation	scripts/ensure_package.py:49-52 pip install subprocess
Shell	`NONE`	`WRITE`	✗ Violation	scripts/env_manager.py:67 venv.create and pip upgrade
Filesystem	`READ`	`WRITE`	✗ Violation	scripts/env_manager.py:70 creates venv directory
Filesystem	`READ`	`WRITE`	✗ Violation	scripts/logger_manager.py:32 writes rotating log files

3 findings

🔗

Medium External URL 外部 URL

https://pypi.tuna.tsinghua.edu.cn/simple

scripts/ensure_package.py:50

🔗

Medium External URL 外部 URL

https://download.pytorch.org/whl/cpu

scripts/env_manager.py:148

🔗

Medium External URL 外部 URL

https://download.pytorch.org/whl/

scripts/env_manager.py:161

File Tree

8 files · 28.6 KB · 696 lines

Python 5f · 556L Markdown 2f · 96L Ignore 1f · 44L

├─ ▾ 📁 scripts

│ ├─ 🐍 config.py Python 52L · 2.1 KB

│ ├─ 🐍 ensure_package.py Python 73L · 2.8 KB

│ ├─ 🐍 env_manager.py Python 235L · 10.4 KB

│ ├─ 🐍 extract.py Python 141L · 6.2 KB

│ └─ 🐍 logger_manager.py Python 55L · 2.6 KB

├─ 📄 .gitignore Ignore 44L · 735 B

├─ 📝 README.md Markdown 77L · 2.9 KB

└─ 📝 SKILL.md Markdown 19L · 808 B

Dependencies 4 items

Package	Version	Source	Known Vulns	Notes
`tqdm`	`*`	pip	No	Version not pinned
`ffmpeg-downloader`	`*`	pip	No	Version not pinned
`pydub`	`*`	pip	No	Version not pinned
`pytorch`	`*`	pip (commented)	No	Code present but commented out

Security Positives

✓ No credential harvesting - environment variable access is limited to internal recursion control (RUNNING_IN_VENV)

✓ No network exfiltration - all network requests are to legitimate package mirrors (PyPI, gyan.dev)

✓ No obfuscation - all code is plaintext Python with clear docstrings

✓ No reverse shell or C2 communication

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ subprocess usage is legitimate CLI tool invocation (ffmpeg, pip, venv) appropriate for the stated purpose

✓ Error handling present with try-except blocks

Scan Report

Findings 5 items

File Tree

Dependencies 4 items

Security Positives