← Back to Skills Marketplace

Skill Tiktok Video Pipeline

Name: Skill Tiktok Video Pipeline
Author: zero2ai-hub

by Zero2Ai · GitHub ↗ · v2.0.0

cross-platform ⚠ suspicious

526

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install skill-tiktok-video-pipeline

Description

End-to-end TikTok ad video pipeline. Product script → Veo base video → animated caption overlay → audio mix → final MP4. One command, full automation.

Usage Guidance

This package appears to implement a TikTok video pipeline but has several inconsistencies you should resolve before running it: (1) SKILL.md and scripts expect an API key (GEMINI_API_KEY) but the registry metadata doesn't declare it — if you provide that key it will be sent to the Veo/Gen service when generating video. (2) The Node and Python orchestrators reference other skills and script paths that are inconsistent with the files included (veo3-video-gen, skill-runway-video-gen, skill-tiktok-ads-video). That means the pipeline may fail or attempt to run code from other folders in your workspace if present. (3) The scripts run shell commands ('bash -lc', ffmpeg, ffprobe, 'uv run') and forward the entire process environment to subprocesses, so avoid running this with sensitive credentials in your environment. Recommended steps before installing/running: run this in an isolated environment or container; inspect and, if necessary, correct the path references to the other skills or ensure the required helper skills are intentionally present; use the provided dry-run mode to test overlay behavior; do not run with sensitive env vars set (or sanitize env) until you confirm behavior; and review any external skills (veo/runway) that this orchestrator expects to call. Because of the mismatches and env handling, treat this as untrusted until you verify/correct those issues.

Capability Analysis

Type: OpenClaw Skill Name: skill-tiktok-video-pipeline Version: 2.0.0 The `scripts/tiktok_overlay_engine_v3.py` script is vulnerable to `ffmpeg` filter injection. User-controlled arguments like `--pill-color` and `--text-color` are directly concatenated into the `ffmpeg` `drawtext` filter string without proper escaping, allowing an attacker to inject arbitrary `ffmpeg` filters. This can lead to information disclosure, denial of service, or potentially remote code execution. While `scripts/generate.js` uses `JSON.stringify` to mitigate direct shell injection for its arguments, the downstream `tiktok_overlay_engine_v3.py` script introduces a critical vulnerability.

Capability Assessment

ℹ Purpose & Capability

The name/description (end-to-end TikTok ad pipeline) aligns with the included scripts which orchestrate Veo/Runway video generation, overlay, and audio mixing. However the package expects other skills in the workspace (veo3-video-gen, runway/skill-runway-video-gen, and a different tiktok overlay skill name), which are not declared in metadata. That cross-skill dependency is plausible for a pipeline, but the references are inconsistent (different skill slugs and script names), suggesting copy-paste or packaging errors.

⚠ Instruction Scope

Runtime instructions and scripts run external commands (ffmpeg, ffprobe, 'uv run', bash -lc) and read/write workspace paths (WORKSPACE via ../../..). SKILL.md mentions GEMINI_API_KEY required for Veo generation but the registry metadata did not declare any required env vars. pipeline.py points at other skill directories and script names that are inconsistent with this package (e.g., 'skill-runway-video-gen', 'skill-tiktok-ads-video'), which may cause it to try to invoke arbitrary scripts elsewhere in the agent workspace if present. The instructions also forward the process environment to subprocesses, which could expose any env vars present at runtime to subprocesses.

✓ Install Mechanism

No install spec (instruction-only) — nothing downloads or installs automatically. The provided code files are executed at runtime; risk comes from those runtime subprocesses rather than an install-time download. This is lower installation risk but still executes shell and 'uv run' commands when invoked.

⚠ Credentials

SKILL.md documents GEMINI_API_KEY and DEFAULT_AUDIO environment usage (DEFAULT_AUDIO fallback), but the registry shows no required env vars. The scripts propagate process.env into subprocesses and may cause secrets present in the agent environment to be visible to invoked commands. The number of env variables requested is small and consistent with a video-generation pipeline, but the omission from registry metadata is an incoherence and the forwarding of full env to subprocesses increases potential exposure.

✓ Persistence & Privilege

The skill does not request always:true and is user-invocable only. It writes outputs into the workspace 'output/tiktok' and temporary dirs under workspace; it does not attempt to modify other skills or system configuration. Autonomous invocation is allowed by default (disable-model-invocation: false) but that is the platform default and not by itself a red flag.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install skill-tiktok-video-pipeline
After installation, invoke the skill by name or use /skill-tiktok-video-pipeline
Provide required inputs per the skill's parameter spec and get structured output

Version History

v2.0.0

**Major update: Pipeline now supports Veo3 video generation, enhanced caption overlay (v3), audio mixing, new `--audio` and `--slowmo` flags, and Node.js orchestration.** - Adds Node.js orchestrator (`scripts/generate.js`) for full automation and new scripting interface. - Integrates next-gen caption overlay engine (`tiktok_overlay_engine_v3.py`) using ffmpeg drawtext for improved pill captions and Arabic language support. - Supports background music mixing via ffmpeg (`--audio`), default audio auto-discovery, and volume adjustment. - Introduces new pipeline arguments for logo watermark, segment stitching, dry-run mode, and Arabic captions. - Updates Python pipeline to support overlay v3 engine, `--audio`, and `--slowmo` for slowed videos. - Documentation rewritten with detailed architecture diagram, usage examples, and full argument tables.

v1.0.0

Initial release: end-to-end TikTok ad video automation for product images. - Converts a product image into a final branded TikTok video with one command. - Integrates video generation (Runway/Veo), slow-motion stretching, and animated caption overlays. - Supports multiple products and video styles, with flexible engine selection and customization options. - Outputs a finished MP4, ready to post.

Metadata

Slug skill-tiktok-video-pipeline

Version 2.0.0

License —

All-time Installs 2

Active Installs 2

Total Versions 2

Frequently Asked Questions

What is Skill Tiktok Video Pipeline?

End-to-end TikTok ad video pipeline. Product script → Veo base video → animated caption overlay → audio mix → final MP4. One command, full automation. It is an AI Agent Skill for Claude Code / OpenClaw, with 526 downloads so far.

How do I install Skill Tiktok Video Pipeline?

Run "/install skill-tiktok-video-pipeline" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill Tiktok Video Pipeline free?

Yes, Skill Tiktok Video Pipeline is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Skill Tiktok Video Pipeline support?

Skill Tiktok Video Pipeline is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill Tiktok Video Pipeline?

It is built and maintained by Zero2Ai (@zero2ai-hub); the current version is v2.0.0.

More Skills