← Back to Skills Marketplace
241
Downloads
0
Stars
0
Active Installs
12
Versions
Install in OpenClaw
/install pixcli
Description
Creative toolkit for AI agents — generate images, videos, voiceover, music, and sound effects, then assemble polished output via Remotion. Uses the pixcli CL...
Usage Guidance
This skill is coherent with its stated purpose, but review these before installing: 1) Only provide a PIXCLI_API_KEY you trust and scope it where possible; avoid using high-privilege or long-lived keys if you can. 2) Ask the publisher why README mentions OPENROUTER_API_KEY ( undocumented fallback ) and confirm whether your environment must set it. 3) Verify the 'pixcli' npm package and the homepage (https://pixcli.shellbot.sh / GitHub repo) yourself — npx will fetch and execute code from npm on first run. 4) Be cautious about allowing the agent to change --api-url or --key flags (these can redirect traffic to arbitrary endpoints). If you rely on this skill in an automated agent, prefer least-privilege keys and monitor network activity and usage billing.
Capability Analysis
Type: OpenClaw Skill
Name: pixcli
Version: 2.3.10
The pixcli skill bundle provides a comprehensive toolkit for AI agents to generate and assemble media, but it is classified as suspicious due to high-risk capabilities and a broad attack surface. It requires extensive shell permissions with wildcards for commands like `cp`, `mkdir`, and `pixcli`, and relies on `npx` to download and execute code from npm at runtime. Furthermore, the `SKILL.md` instructions explicitly direct the agent to parse and execute `check_command` strings returned by the remote API (https://pixcli.shellbot.sh), which could be leveraged for remote command injection if the service were compromised. While these behaviors are plausibly necessary for the stated purpose of video production and asset management, they exceed the threshold for a benign classification.
Capability Tags
Capability Assessment
Purpose & Capability
Name, description, required binaries (node, npx), declared primary credential (PIXCLI_API_KEY), and the included Remotion templates all match the stated purpose of generating media and assembling video. Bundled template package.json files and Remotion code are directly relevant to the described functionality.
Instruction Scope
SKILL.md clearly scopes agent actions to running 'npx --yes pixcli' and 'npx remotion' plus installing declared template deps (npm install inside copied template directories). That scope is reasonable. Two minor issues: 1) README refers to OPENROUTER_API_KEY as a fallback environment variable but that variable is not declared in requires.env; 2) SKILL.md repeatedly asserts there is 'no arbitrary npx' or 'no node <script>' but running 'npx' still executes code from npm packages (intended here for pixcli/remotion). These are not necessarily malicious but are scope-related inconsistencies you may want clarified.
Install Mechanism
There is no automatic install spec; runtime behavior relies on npx to fetch the published 'pixcli' package and on npm to install declared deps in template directories. Using npm/npx is expected for this kind of CLI. Note: npx executes remote package code on first run (standard behavior), so trust of the npm package and registry is the relevant risk surface.
Credentials
The skill requests a single primary credential (PIXCLI_API_KEY), which fits the stated API usage. However, README mentions OPENROUTER_API_KEY as a fallback (not declared in requires.env), and the CLI exposes --api-url and --key flags that allow overriding endpoints/keys. Those capabilities are reasonable for debugging, but they increase the attack surface if an agent is allowed to set arbitrary api-url/keys — an attacker-controlled endpoint could be used to exfiltrate generated prompts or local files if misused. Confirm that any key you provide is scoped and that you trust the npm package and api endpoint.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). The skill does not request system-wide config changes or access to other skills' credentials, and there are no install scripts requiring persistent elevated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pixcli - After installation, invoke the skill by name or use
/pixcli - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.3.10
Added full OpenAI gpt2 image model and heygen video avatars)
v2.3.8
Added full Seedance support with reference images
v2.3.7
Added full Seedance support with reference images
v2.3.6
Added better control of async and estimation of time execution
v2.3.5
Added better control of async and estimation of time execution
v2.3.4
Security audit fixes: declared install step + env requirements in frontmatter (fixes 'Required env vars: none' / 'Primary credential: none'), added Requirements
section with runtime explanation table, added 'What does NOT run' negative-scope declaration, cleaned YAML frontmatter.
v2.3.3
Agent execution optimization: --no-wait flag on all generation commands (submit and return immediately), machine-readable timeout recovery with check_command/wait_command in JSON errors, comprehensive agent execution guide in SKILL.md with submit→check pattern, token consumption table, and parallel pipeline examples.
v2.3.2
Security: tightened allowed-tools to the principle of least privilege. Removed broad npm/node/npx wildcards. The agent can now only run pixcli, remotion, the
specific npm scripts that ship with bundled templates (install, run verify/typecheck/render), ffmpeg/ffprobe, and filesystem helpers. Setup docs updated to prefer npx over
global install. No content or feature changes.
v2.3.1
Seedance 2.0 prompt playbook
v2.3.0
Seedance 2.0 prompt playbook: 6-element formula (Subject → Action → Environment → Camera → Style → Constraints), camera catalog, lighting table, timeline prompting for 10s+ clips, multimodal role assignment, 10+ ready-to-paste Seedance command recipes. New references/seedance-playbook.md deep reference. pixcli models command docs. Updated video model list to include all 11 Seedance variants, Veo 3.1 Fast T2V, LTX 2.3 extend.
v2.2.1
Version 2.2.1
- No file or documentation changes detected in this release.
- Version number increment only; no new features, fixes, or updates included.
v2.2.0
pixcli 2.2.0
- Adds new voice options and multi-language support for voiceover generation.
- Introduces native audio generation (BGM, SFX, dialogue) in video models when supported.
- Expands bundled Remotion video templates and rule references for easier, higher-quality video assembly.
- Updates and clarifies example commands, usage tips, and available model lists across all capabilities.
- Enhances guidance on recovering timed-out jobs and controlling video start frames for a more robust workflow.
Metadata
Frequently Asked Questions
What is Pixcli Skill?
Creative toolkit for AI agents — generate images, videos, voiceover, music, and sound effects, then assemble polished output via Remotion. Uses the pixcli CL... It is an AI Agent Skill for Claude Code / OpenClaw, with 241 downloads so far.
How do I install Pixcli Skill?
Run "/install pixcli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pixcli Skill free?
Yes, Pixcli Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pixcli Skill support?
Pixcli Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pixcli Skill?
It is built and maintained by cohnen (@cohnen); the current version is v2.3.10.
More Skills