← 返回 Skills 市场
FFmpeg CLI
作者
ascendswang
· GitHub ↗
· v1.0.0
6397
总下载
9
收藏
34
当前安装
1
版本数
在 OpenClaw 中安装
/install ffmpeg-cli
功能描述
Process video and audio using FFmpeg CLI for transcoding, cutting, merging, audio extraction, thumbnails, GIFs, speed, filters, subtitles, and watermarks.
安全使用建议
Install only if you are comfortable running local FFmpeg scripts on files you choose. Use fresh output filenames because the scripts overwrite existing outputs, and avoid passing filenames or file lists from untrusted sources, especially to merge.sh.
功能分析
Type: OpenClaw Skill
Name: ffmpeg-cli
Version: 1.0.0
The `merge.sh` script is vulnerable to command injection. It constructs a temporary file (`TEMP_LIST`) from user-supplied arguments without sanitization and then uses `ffmpeg -f concat -safe 0 -i "$TEMP_LIST"`. The `-safe 0` option disables security checks for the concat demuxer, allowing `ffmpeg` to interpret `file 'pipe:...'` entries in the list as commands. A malicious actor providing crafted input (e.g., `file 'pipe:cat /etc/passwd'`) to the `merge.sh` script could achieve arbitrary command execution or data exfiltration, making this a significant risky capability.
能力评估
Purpose & Capability
The declared purpose is video and audio processing, and the artifacts implement only expected FFmpeg wrapper tasks such as convert, cut, merge, extract audio, thumbnails, GIFs, speed changes, and watermarking.
Instruction Scope
Commands are explicit and user-directed, but scripts accept arbitrary caller-supplied input/output paths and use FFmpeg overwrite mode, so an agent-suggested command should be reviewed before execution.
Install Mechanism
SKILL.md discloses FFmpeg as a Homebrew-installable dependency; speed.sh also uses bc, which is a minor undeclared local dependency. No hidden installer or remote code download is present.
Credentials
Local media file reads and writes are proportionate for an FFmpeg skill. merge.sh uses concat with -safe 0 and an unescaped temporary file list, which is common for broad path support but unsafe with untrusted or maliciously crafted filenames.
Persistence & Privilege
The artifacts show no persistence, background execution, privilege escalation, credential access, network exfiltration, or account authority.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ffmpeg-cli - 安装完成后,直接呼叫该 Skill 的名称或使用
/ffmpeg-cli触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: comprehensive video/audio processing with cut, merge, extract-audio, thumb, gif, convert, speed, watermark scripts
元数据
常见问题
FFmpeg CLI 是什么?
Process video and audio using FFmpeg CLI for transcoding, cutting, merging, audio extraction, thumbnails, GIFs, speed, filters, subtitles, and watermarks. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 6397 次。
如何安装 FFmpeg CLI?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ffmpeg-cli」即可一键安装,无需额外配置。
FFmpeg CLI 是免费的吗?
是的,FFmpeg CLI 完全免费(开源免费),可自由下载、安装和使用。
FFmpeg CLI 支持哪些平台?
FFmpeg CLI 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 FFmpeg CLI?
由 ascendswang(@ascendswang)开发并维护,当前版本 v1.0.0。
推荐 Skills