← Back to Skills Marketplace

YouTube Shorts 자동 생성

Name: YouTube Shorts 자동 생성
Author: kangjjang

by kangjjang · GitHub ↗ · v2.0.1

cross-platform ⚠ suspicious

900

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install youtube-shorts

Description

AI/DevOps 유튜브 숏츠 자동 생성. 트렌드 수집 → 스크립트 → 이미지 → Veo 영상 → TTS 나레이션 → Remotion 합성 → YouTube 업로드

Usage Guidance

This skill asks the agent to clone and run a GitHub repository and to install packages, then run commands that can upload videos. Before installing or running it: 1) Inspect the repository (https://github.com/kangjjang/youtube-shorts-skill.git) and review scripts/setup.sh and requirements.txt for unexpected behavior. 2) Confirm where YouTube upload credentials and any Veo (or other paid service) API keys are configured — do not provide your YouTube OAuth tokens unless you trust and have inspected the code. 3) Consider running the code in an isolated sandbox or ephemeral VM first to observe network calls and file writes. 4) If you only want the instruction logic and not remote code execution, ask the publisher to include the scripts in the skill bundle or to declare all required credentials and explain upload flow. 5) If you cannot audit the repo, do not supply GEMINI_API_KEY or other secrets to an unreviewed skill.

Capability Analysis

Type: OpenClaw Skill Name: youtube-shorts Version: 2.0.1 The skill is classified as suspicious due to its broad requested permissions and the instruction to fetch and execute unverified external code. `SKILL.md` explicitly requests `Bash`, `Read`, `Write`, and `exec` tools, granting extensive control. Crucially, it instructs the agent to `git clone https://github.com/kangjjang/youtube-shorts-skill.git` and then execute `bash scripts/setup.sh` from the cloned repository. This constitutes a significant supply chain vulnerability, as the content of the external repository and its setup script are not provided for analysis and could contain malicious payloads. Additionally, `pip install -r requirements.txt` introduces further supply chain risk via Python packages. The skill also requires `GEMINI_API_KEY`, which, combined with the broad permissions, could be vulnerable to exfiltration by the external code.

Capability Assessment

⚠ Purpose & Capability

The name/description (YouTube Shorts 자동 생성) aligns with the pipeline described (trend → script → images → video → TTS → upload). However the skill instructs downloading and running a GitHub repo and executing uploads, yet the declared requirements only include GEMINI_API_KEY. Uploading to YouTube and using a service named 'Veo' would normally require additional credentials or configuration; those are not declared. This is an unexplained gap between claimed capabilities and declared requirements.

⚠ Instruction Scope

The SKILL.md instructs the agent to git clone a repository (https://github.com/kangjjang/youtube-shorts-skill.git), run scripts/setup.sh, create/activate a Python virtualenv, pip install requirements, and run python/node code. Those steps download and execute arbitrary third-party code at runtime and write to disk. The instructions also reference ${CLAUDE_PLUGIN_ROOT} and numerous CLI invocations (including upload flags). The instructions do not constrain what the cloned code does or enumerate required additional env vars/secrets, giving broad runtime discretion.

⚠ Install Mechanism

Although the skill bundle has no formal install spec, the runtime instructions perform a git clone from a third-party GitHub repo and run a setup script + pip install. Downloading and executing remote code via an unaudited repo and running arbitrary setup scripts is a higher-risk install mechanism. GitHub is a known host (better than an unknown IP/shortener), but the repo owner is unknown and the repository contents are not provided for review.

⚠ Credentials

The skill declares only GEMINI_API_KEY as a required env var, saying Gemini will be used for text/image/video/TTS. But the SKILL.md also references uploading to YouTube and uses a separate service 'Veo' with per-video costs. No YouTube OAuth credentials, client_secrets, or Veo API key are requested or documented. The absence of declared credentials for upload and external video-generation services is disproportionate and unexplained.

⚠ Persistence & Privilege

always:false (good), but the skill instructs fetching and executing external code and can be invoked autonomously (platform default). Combining autonomous invocation with runtime download/execute of a third-party repo increases blast radius if the repo is malicious or changes later. The skill writes a venv, installs packages, and writes outputs to disk — expected, but higher-risk given remote code execution.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install youtube-shorts
After installation, invoke the skill by name or use /youtube-shorts
Provide required inputs per the skill's parameter spec and get structured output

Version History

v2.0.1

Add GitHub clone instructions for full source code

v2.0.0

Initial release: 9-step pipeline with Gemini TTS + Remotion compositing

Metadata

Slug youtube-shorts

Version 2.0.1

License —

All-time Installs 2

Active Installs 2

Total Versions 2

Frequently Asked Questions

What is YouTube Shorts 자동 생성?

AI/DevOps 유튜브 숏츠 자동 생성. 트렌드 수집 → 스크립트 → 이미지 → Veo 영상 → TTS 나레이션 → Remotion 합성 → YouTube 업로드. It is an AI Agent Skill for Claude Code / OpenClaw, with 900 downloads so far.

How do I install YouTube Shorts 자동 생성?

Run "/install youtube-shorts" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is YouTube Shorts 자동 생성 free?

Yes, YouTube Shorts 자동 생성 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does YouTube Shorts 자동 생성 support?

YouTube Shorts 자동 생성 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created YouTube Shorts 자동 생성?

It is built and maintained by kangjjang (@kangjjang); the current version is v2.0.1.

More Skills