← Back to Skills Marketplace
wemayiiii

VMake

by wemayiiii · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
67
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install vmake-skill
Description
Video file → videoscreenclear or hdvideoallinone + spawn-run-task and sessions_spawn (main session). Image → eraser_watermark or image_restoration + blocking...
Usage Guidance
Before installing or enabling this skill: 1) Treat MT_AK / MT_SK (Vmake Access/Secret) as required — only provide keys from a trusted tenant. 2) Be aware the skill will read/write local files: ~/.openclaw/* and ~/.cache/vmake/* and may read a scripts/.env or a cwd .env, which can cause local secrets to be used; inspect those files first. 3) The skill can optionally use Telegram and Feishu delivery helpers that expect TELEGRAM_BOT_TOKEN in your environment and Feishu appId/appSecret in ~/.openclaw/openclaw.json — if you don't want delivery channels enabled, do not populate those credentials. 4) The registry summary shown to you earlier omitted required env vars (MT_AK/MT_SK) — prefer the SKILL.md and skill.json declarations as authoritative and ask the publisher/host to correct registry metadata before wide deployment. 5) If you must grant this skill keys, rotate them after testing and limit their privileges if possible. If you need higher assurance, request the upstream skill source (homepage/repo) or audit the remaining omitted files for any additional network endpoints or obfuscated behavior.
Capability Analysis
Type: OpenClaw Skill Name: vmake-skill Version: 1.0.0 The skill bundle exhibits high-privilege behavior by reading the global OpenClaw configuration file (~/.openclaw/openclaw.json) to extract sensitive credentials for IM platforms like Feishu and Telegram (seen in scripts/feishu_send_image.py and others). Most notably, SKILL.md contains an embedded Python script for a 'Pre-Flight Check' that hardcodes a path to this config file (/home/ec2-user/.openclaw/openclaw.json) to perform authenticated API calls. While these capabilities are plausibly used for the stated purpose of multi-platform media delivery and quota management, the direct access to the main configuration file and the use of raw Python scripts within markdown instructions represent a significant security risk and a broad attack surface for credential theft or unauthorized actions if the skill were compromised or maliciously modified.
Capability Tags
requires-walletrequires-oauth-token
Capability Assessment
Purpose & Capability
The skill is clearly an image/video processing client for a paid Vmake API (videoscreenclear, hdvideoallinone, eraser_watermark, image_restoration). Requiring python3 and Vmake API keys (MT_AK / MT_SK) is coherent for this purpose. However the top-level summary in the prompt listing 'Required env vars: none' contradicts SKILL.md and skill.json which declare MT_AK/MT_SK as required — the manifest and runtime disagree with the registry metadata.
Instruction Scope
SKILL.md instructs agents to run scripts/vmake_ai.py and to use spawn-run-task/sessions_spawn for video tasks. The included code performs additional actions not fully surfaced in the high-level description: it reads ~/.openclaw/openclaw.json for channel credentials, reads .env files (scripts/.env and potential cwd .env), downloads user-provided URLs to temp files, and persists state under ~/.openclaw/workspace and ~/.cache/vmake. Those file/credential accesses extend scope beyond simple API calls and should be made explicit to operators.
Install Mechanism
This is instruction-plus-code (no install spec); there is no network-based install or arbitrary archive extraction in the manifest. Dependencies are typical (requests, alibabacloud-oss-v2). No suspicious third-party download URLs or extract operations were found in the provided files.
Credentials
MT_AK and MT_SK (Vmake API keys) are reasonable and proportional. However the skill also expects/use other credentials at runtime: TELEGRAM_BOT_TOKEN (env) and Feishu appId/appSecret loaded from ~/.openclaw/openclaw.json, and it will persist caches and history under user home directories. Those additional secrets are not declared in the registry metadata's 'requires.env', so the skill will access credentials beyond what the registry summary advertised. The client also loads any .env it finds and populates os.environ, which can surface additional secrets unintentionally.
Persistence & Privilege
The skill writes persistent state: ~/.openclaw/workspace/openclaw-vmake-ai/ (last_task.json, history) and ~/.cache/vmake/ (gid cache). always:false (not forced). The persistence is expected for resume/polling behaviour but combined with access to other local config files it increases blast radius if keys are mishandled. The skill does not attempt to modify other skills' configs in the provided code.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install vmake-skill
  3. After installation, invoke the skill by name or use /vmake-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
openclaw-vmake-ai 1.3.0 - Expanded documentation with precise rules for watermark removal and quality restoration on images and videos. - Clarified billing: All processing uses paid Vmake API and consumes tenant quota—never claim the service is free or guess pricing. - Outlined chaining logic for multi-stage pipelines (watermark removal → restoration), with clear task separation and execution paths. - Specified video task execution: always use spawn-run-task and sessions_spawn (never blocking run-task for video). - Detailed new pre-flight credential check with platform-specific user notifications (e.g., Feishu credential card). - Strict API usage: only submit jobs via the provided CLI, never direct HTTP.
Metadata
Slug vmake-skill
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is VMake?

Video file → videoscreenclear or hdvideoallinone + spawn-run-task and sessions_spawn (main session). Image → eraser_watermark or image_restoration + blocking... It is an AI Agent Skill for Claude Code / OpenClaw, with 67 downloads so far.

How do I install VMake?

Run "/install vmake-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is VMake free?

Yes, VMake is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does VMake support?

VMake is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created VMake?

It is built and maintained by wemayiiii (@wemayiiii); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments