← Back to Skills Marketplace
vanyanski

TSW Shorts Factory

by Vanyanski · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
210
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install tsw-shorts-factory
Description
Autonomous YouTube Shorts video factory — zero cost, no external video API required. Generates quote-based short-form videos daily using edge-tts (free Micro...
Usage Guidance
Do NOT install or run this skill as-is. Key concerns to resolve before trusting it: 1) The pipeline contains a hardcoded Pexels API key — treat that as a leaked credential. Replace it with an env var and rotate the key if you care about the account. 2) The code references and executes an external uploader and inserts sys.path entries into /root/.openclaw — ask the author why external workspace files are required, or remove those references and bundle any necessary uploader code. 3) Confirm QUOTE_LIBRARY and output paths are configurable and do not point into other agent/system workspaces; run in a sandboxed account first. 4) Review the uploader (yt_uploader.py) and any referenced external scripts before execution because they run with the same privileges as the pipeline. 5) If you want to proceed, edit the code to use an environment variable for PEXELS_API_KEY (and other secrets), remove hardcoded absolute paths, include or document the uploader dependency, and only then run in a controlled environment. If you cannot get clear answers from the author, treat this package as untrusted.
Capability Analysis
Type: OpenClaw Skill Name: tsw-shorts-factory Version: 1.0.0 The skill bundle contains a hardcoded Pexels API key in 'scripts/pipeline.py', which is a significant security vulnerability (credential exposure). Additionally, the script uses absolute paths targeting the '/root/' directory and relies on an external script ('yt_uploader.py') that is not provided in the bundle, indicating an incomplete or environment-specific implementation. While these are high-risk coding practices and functional flaws, there is no clear evidence of intentional malicious behavior such as data exfiltration or backdoors.
Capability Assessment
Purpose & Capability
SKILL.md advertises a zero-cost, self-contained YouTube Shorts factory and documents setting PEXELS_API_KEY and YouTube OAuth. The registry metadata lists no required env vars, but pipeline.py hardcodes a PEXELS_KEY value and hardwired paths (e.g. /root/.openclaw/..., /root/tsw_videos) and references an external YT_UPLOADER script outside the package. Requiring or embedding an API key and depending on files in another workspace is not consistent with the claimed 'instruction-only, no credentials' footprint.
Instruction Scope
SKILL.md instructs the agent to set PEXELS_API_KEY and run local yt_setup.py and to provide a local quote file. The pipeline code, however, ignores any environment variable and uses a hardcoded PEXELS_KEY, a fixed QUOTE_LIBRARY path under /root/.openclaw, inserts a sys.path to another project, and invokes an uploader at /root/.openclaw/.../yt_uploader.py. The runtime behavior therefore reaches into other agent/workspace directories and executes external code not mentioned in the install instructions.
Install Mechanism
No install spec (instruction-only), which is low risk in itself. SKILL.md lists pip packages to install at deploy time (moviepy, edge-tts, google-api libs). The code bundle includes Python scripts that will be executed locally; because there is no package install step, the user will need to install dependencies manually as instructed.
Credentials
The README declares PEXELS_API_KEY and a YouTube OAuth token file as configuration, but the registry shows no required env vars. Worse, pipeline.py contains a hardcoded PEXELS_KEY literal (a plausible-looking API key). That is a credential embedded in the code (credential leakage or misuse) and contradicts the deployment instructions. The code also creates and writes logs and outputs under /root/.openclaw and /root, accessing directories outside the skill bundle.
Persistence & Privilege
The skill writes logs and tokens to /root/.openclaw/workspace and creates directories under /root — touching what appears to be the agent's workspace and other projects. It also invokes an uploader script located outside the skill (YT_UPLOADER at /root/.openclaw/.../yt_uploader.py). While always:false (not forced), executing code that reaches across workspaces and calls external scripts increases blast radius and can modify or rely on other skills' artifacts.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tsw-shorts-factory
  3. After installation, invoke the skill by name or use /tsw-shorts-factory
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of tsw-shorts-factory: autonomous, zero-cost YouTube Shorts generator. - Generates 3 quote-based vertical Shorts videos per day using local TTS (edge-tts), Pexels stock footage, and MoviePy. - Uses only free APIs; no external video processing services required. - Automatically uploads completed videos as unlisted drafts to YouTube for manual review. - Supports multiple quote niches via customizable quote library. - Includes easy setup instructions and sample configuration for deployment and scheduling. - All steps run locally; no recurring costs for ~90 videos/month.
Metadata
Slug tsw-shorts-factory
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is TSW Shorts Factory?

Autonomous YouTube Shorts video factory — zero cost, no external video API required. Generates quote-based short-form videos daily using edge-tts (free Micro... It is an AI Agent Skill for Claude Code / OpenClaw, with 210 downloads so far.

How do I install TSW Shorts Factory?

Run "/install tsw-shorts-factory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is TSW Shorts Factory free?

Yes, TSW Shorts Factory is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does TSW Shorts Factory support?

TSW Shorts Factory is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created TSW Shorts Factory?

It is built and maintained by Vanyanski (@vanyanski); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments