← Back to Skills Marketplace

mediaproc

Name: mediaproc
Author: psyb0t

by Ciprian Mandache · GitHub ↗ · v2.0.1 · MIT-0

cross-platform ⚠ suspicious

1254

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install mediaproc

Description

Process media files (video, audio, images) via a locked-down SSH container with ffmpeg, sox, and imagemagick. Use when the user wants to transcode video, pro...

Usage Guidance

This skill appears to do what it says (run media tools inside a remote container over SSH), but there are some practical and security issues to consider before using it: - Environment mismatch: The registry metadata does not declare MEDIAPROC_HOST and MEDIAPROC_PORT, yet the script and SKILL.md require them. Expect to set these to point at a trusted mediaproc server you control. - SSH risks: The provided wrapper will automatically accept new host keys (StrictHostKeyChecking=accept-new). That simplifies first-time use but increases the risk of a man-in-the-middle attack. Prefer to verify host keys manually or use known_hosts management. - Install recommendation is risky: references/setup.md suggests piping a GitHub raw install.sh into sudo bash. Do NOT run that blind. Inspect the install.sh contents locally (git clone or curl to a file and review) before running, or build/run the container yourself. - Trust the remote host: Media and file uploads are sent to the mediaproc server; a compromised or malicious server can read/exfiltrate uploaded files or execute arbitrary commands. Only point MEDIAPROC_HOST at a host you control or fully trust. - Mitigations: review the install script, run the mediaproc container locally if possible, use an ephemeral SSH key restricted to the mediaproc instance, verify host keys, and avoid using sudo piping from the web. If you need stronger assurance, ask the publisher for signed releases or source code you can audit. If the publisher updates the registry metadata to declare the required env vars and removes or documents safer install steps (no sudo curl|bash), the incoherence and install risk would be resolved and my confidence would increase.

Capability Analysis

Type: OpenClaw Skill Name: mediaproc Version: 2.0.1 The skill bundle contains high-risk patterns, most notably in references/setup.md, which encourages users to execute a remote script via 'curl | sudo bash', a common vector for supply chain attacks. Additionally, the SSH wrapper in scripts/mediaproc.sh passes raw, unvalidated arguments ('$*') to the remote host and uses 'StrictHostKeyChecking=accept-new', which could facilitate command injection or man-in-the-middle attacks. While these represent significant security vulnerabilities, they appear to be design flaws rather than intentional malware.

Capability Assessment

⚠ Purpose & Capability

The SKILL.md requires MEDIAPROC_HOST and MEDIAPROC_PORT and SSH access to a mediaproc instance, but the registry metadata lists no required env vars or credentials — that mismatch is incoherent. Otherwise the commands and wrapper script align with the stated media-processing purpose.

ℹ Instruction Scope

Runtime instructions allow uploading files and running arbitrary media commands on a remote container via SSH, which is consistent with the purpose. However the wrapper uses ssh with StrictHostKeyChecking=accept-new (automatic acceptance of new host keys), which raises MITM risk. The instructions also point users to running an install script that provisions SSH keys and a local mediaproc host; those setup directions increase the attack surface if the remote image or install script is untrusted.

⚠ Install Mechanism

There is no formal install spec in the registry, but references/setup.md tells users to run curl -fsSL https://raw.githubusercontent.com/psyb0t/docker-mediaproc/main/install.sh | sudo bash. Piping a remote script to sudo bash is a high-risk recommendation even when hosted on GitHub raw; it can run arbitrary code as root. The skill itself doesn’t install code, but the provided setup guidance is risky.

⚠ Credentials

The skill does not declare required env vars in the registry metadata, yet both SKILL.md and scripts/mediaproc.sh require MEDIAPROC_HOST and MEDIAPROC_PORT. That inconsistency hides the fact that the agent/user must supply network endpoints and SSH access (and will expose file transfer through that channel). No API keys are requested, which is appropriate, but the missing declared env vars is misleading.

✓ Persistence & Privilege

The skill is not always-enabled and does not request system-level privileges in the registry. The wrapper is a simple SSH proxy and does not modify other skills or agent config. Autonomous invocation is allowed (default) but that is normal behavior and not by itself a concern.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install mediaproc
After installation, invoke the skill by name or use /mediaproc
Provide required inputs per the skill's parameter spec and get structured output

Version History

v2.0.1

No user-visible changes in this version. - Version bump only; no changes detected in skill documentation or files.

v2.0.0

v1.0.2

Initial release. - Process video, audio, and image files via SSH in a locked-down container. - Provides common media tools: ffmpeg, sox, ImageMagick, and related utilities. - Supports secure file operations: upload, download, list, remove, and directory management within a confined workspace. - Includes video, audio, and image processing examples and plugin support for effects. - Enforces strong security by whitelisting commands and locking all paths under /work.

v1.1.0

- Added explicit instructions for accepting the SSH host key on first connection to prevent host verification errors. - Clarified usage of the `ls` command: output style (`ls -alph`), exclusion of `.` and `..`, and support for `--json` flag. - Updated file management examples to show both standard and JSON listing with `ls`. - No code or interface changes; these are documentation and usability improvements.

v1.0.0

Initial release of mediaproc. - Provides locked-down media processing over SSH using ffmpeg, sox, and ImageMagick. - All operations are confined to a container and restricted to whitelisted commands—no shell access or injection risk. - Supports file management commands (ls, put, get, rm, mkdir, rmdir, rrmdir). - Allows audio, video, and image transformations, with multiple plugin and font options. - Requires configuration of MEDIAPROC_HOST and MEDIAPROC_PORT. - Enhanced security: SSH key authentication only, strict path confinement, and complete shell exclusion.

Metadata

Slug mediaproc

Version 2.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 5

Frequently Asked Questions

What is mediaproc?

Process media files (video, audio, images) via a locked-down SSH container with ffmpeg, sox, and imagemagick. Use when the user wants to transcode video, pro... It is an AI Agent Skill for Claude Code / OpenClaw, with 1254 downloads so far.

How do I install mediaproc?

Run "/install mediaproc" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is mediaproc free?

Yes, mediaproc is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does mediaproc support?

mediaproc is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created mediaproc?

It is built and maintained by Ciprian Mandache (@psyb0t); the current version is v2.0.1.

More Skills