← Back to Skills Marketplace
65
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install video-producer-v3
Description
短视频一键生成器 v3.0。输入主题+要点,AI自动完成分镜、生图、配音、字幕、渲染,输出1080×1920竖屏MP4。
Usage Guidance
Before installing or running: 1) Treat this as code you should review — open video_producer.py and inspect network calls, especially requests.post and any subprocess.run usage. 2) Do not supply high‑value keys without confidence: test first with IMAGE_BACKEND=placeholder and TTS_BACKEND=edge (free/local) so no external API calls are made. 3) Verify the MiniMax endpoint (MINIMAX_BASE) — it is not a widely known provider; confirm its legitimacy before entering MINIMAX_API_KEY. 4) Run the script inside an isolated environment or container (non‑privileged user) and avoid running as root. 5) Look for shell commands constructed from untrusted input (subprocess.run with shell=True) and avoid feeding untrusted data into the script until you can confirm sanitization. 6) Ask the author to update the registry metadata to declare required env vars and to provide the .env.example file referenced in README; absence of those files/metadata is a red flag. If you want, paste the remaining truncated parts of video_producer.py and I can re-check for more specific risks (e.g., exact ffmpeg command construction or any hidden endpoints).
Capability Analysis
Type: OpenClaw Skill
Name: video-producer-v3
Version: 1.0.0
The skill bundle is classified as suspicious due to critical security vulnerabilities in video_producer.py, specifically shell injection risks. The script uses subprocess.run(shell=True) to execute ffmpeg and edge-tts commands constructed from unsanitized user input (e.g., the --topic and --points arguments), which could allow arbitrary command execution. While the code appears to legitimately implement the described AI video generation functionality and lacks evidence of intentional malice or data exfiltration, the high-risk implementation of system calls makes it unsafe for use without significant refactoring.
Capability Tags
Capability Assessment
Purpose & Capability
The skill's name/description (AI short-video generator) matches the code and SKILL.md: it plans storyboards, calls image and TTS backends, and runs ffmpeg to render. However the registry metadata lists no required environment variables/credentials while both SKILL.md and README and the script explicitly expect MINIMAX_API_KEY and optionally OPENAI_API_KEY (and other env vars). This mismatch is an incoherence (likely an author oversight) but worth flagging.
Instruction Scope
Runtime instructions and the Python script instruct the agent/user to set service API keys and then the script makes outbound HTTP requests to image/TTS APIs, downloads image data, writes files, generates audio, and invokes ffmpeg via subprocess. Those actions are expected for this purpose, but the skill transmits content (and your API keys in requests) to third-party endpoints and executes shell commands; you should verify endpoints and inspect how inputs are used when constructing shell commands.
Install Mechanism
No install spec is provided (instruction-only with an included Python script). No remote archive downloads or installers are invoked by the platform; risk is limited to running the provided Python file and its runtime network activity.
Credentials
The script uses MINIMAX_API_KEY and OPENAI_API_KEY (and other optional env vars) which are proportional to the stated functionality (image/TTS backends). But the registry metadata incorrectly lists no required env vars/configs, and the default MINIMAX_BASE is a non‑familiar domain (https://api.minimaxi.com/v1) — verify that service before providing keys. The code also allows overriding OPENAI_BASE which could redirect calls; this increases risk if you set nonstandard values or if the code is modified.
Persistence & Privilege
The skill does not request always=true or system-wide persistence. It runs as a script on demand and does not modify other skills or global agent configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install video-producer-v3 - After installation, invoke the skill by name or use
/video-producer-v3 - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
初版发布:多后端TTS(Minimax/OpenAI/Edge) + 图片生成 + 视频渲染
Metadata
Frequently Asked Questions
What is 短视频一键生成器?
短视频一键生成器 v3.0。输入主题+要点,AI自动完成分镜、生图、配音、字幕、渲染,输出1080×1920竖屏MP4。 It is an AI Agent Skill for Claude Code / OpenClaw, with 65 downloads so far.
How do I install 短视频一键生成器?
Run "/install video-producer-v3" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 短视频一键生成器 free?
Yes, 短视频一键生成器 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 短视频一键生成器 support?
短视频一键生成器 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 短视频一键生成器?
It is built and maintained by Hyjaixiao (@hyjaixiao); the current version is v1.0.0.
More Skills