← Back to Skills Marketplace
AI Hookbot
by
jean-maradiaga
· GitHub ↗
· v1.0.2
· MIT-0
301
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install ai-hookbot
Description
Scrape viral hooks from YouTube Shorts creators and stitch them with a CTA video to produce ready-to-post TikTok/Reels/Shorts content. Use when asked to make...
README (SKILL.md)
AI Hookbot
Runs the Hookbot pipeline: scrapes YouTube Shorts hooks from a creator's channel, trims them, and stitches each with your CTA video to produce ready-to-post vertical content.
Setup
1. Install dependencies
pip install yt-dlp
brew install ffmpeg # macOS; or apt install ffmpeg on Linux
2. Clone the pipeline scripts
git clone https://github.com/YOUR_REPO/hookbot-scripts ~/hookbot
Or place
pipeline.pyand related scripts in any directory — just setHOOKBOT_SCRIPTS_DIRbelow.
3. Configure environment variables
Copy config.example.env, fill in your paths, and either source it or add it to your shell profile:
cp config.example.env ~/.hookbot.env
# edit ~/.hookbot.env
source ~/.hookbot.env
| Variable | Description | Default |
|---|---|---|
HOOKBOT_SCRIPTS_DIR |
Directory containing pipeline.py |
~/hookbot |
HOOKBOT_CTA_DIR |
Default folder to look for CTA videos | ~/hookbot/cta |
HOOKBOT_YTDLP_PATH |
Path to yt-dlp binary |
yt-dlp (assumes in PATH) |
HOOKBOT_FFMPEG_PATH |
Path to ffmpeg binary |
ffmpeg (assumes in PATH) |
YOUTUBE_API_KEY |
YouTube Data API v3 key (only needed for --viral) |
(optional) |
Workflow
-
Parse the user's request to extract:
creator_url— YouTube Shorts URL (e.g.https://www.youtube.com/@ZackD/shorts). If only a handle/name is given, construct the URL.cta_video— Path to CTA video. If only a filename is given, resolve against$HOOKBOT_CTA_DIR. If not specified, prompt the user.count— Number of hooks (default: 10)hook_duration— Seconds to grab from each hook (default: 3.0)output_dir— Where to save final videos (default:./outputrelative to$HOOKBOT_SCRIPTS_DIR)
-
Resolve paths from environment variables (fall back to defaults if unset):
SCRIPTS_DIR="${HOOKBOT_SCRIPTS_DIR:-~/hookbot}"
CTA_DIR="${HOOKBOT_CTA_DIR:-~/hookbot/cta}"
YTDLP="${HOOKBOT_YTDLP_PATH:-yt-dlp}"
FFMPEG="${HOOKBOT_FFMPEG_PATH:-ffmpeg}"
- Run the pipeline via
exec, passing only the required env vars explicitly (do NOT source~/.zshrcor any shell RC file):
cd "$SCRIPTS_DIR" && \
YTDLP_PATH="$YTDLP" \
FFMPEG_PATH="$FFMPEG" \
YOUTUBE_API_KEY="${YOUTUBE_API_KEY:-}" \
python3 pipeline.py "\x3Ccreator_url>" "\x3Ccta_video>" \
--count \x3Ccount> \
--hook-duration \x3Chook_duration> \
--output \x3Coutput_dir> \
[--viral]
Add --viral when the user wants hooks sorted by view count (requires YOUTUBE_API_KEY). Default pulls most recent Shorts.
- Report back a summary:
- How many hooks were scraped
- How many final videos were created
- Output directory path
- Any failures (sanitize error output before relaying — strip file paths and env var values)
Prompting for Missing Info
- CTA video not specified: Ask "Which CTA video should I use?" then list
.mp4files in$HOOKBOT_CTA_DIR. - Creator not specified: Ask for the YouTube channel handle or Shorts URL.
HOOKBOT_SCRIPTS_DIRnot set / pipeline.py not found: Tell the user to set the env var and point it to the scripts directory.
Example Invocations
- "Make me 10 hooks from @ZackD with MyCTA.mp4"
- "Scrape 5 hooks from youtube.com/@SomeCreator/shorts using my furniture CTA"
- "Run hookbot on @MrBeast, 3 second hooks, 15 videos, viral sort"
- "Make hooks from @PeterMcKinnon"
Notes
- Output videos are 9:16 vertical (1080×1920), normalized automatically.
- Temp files are cleaned up automatically by the pipeline.
- A
manifest.jsonis saved in the output directory with metadata. - If the pipeline errors, relay the error output to the user verbatim so they can debug.
--viralflag requires a YouTube Data API v3 key set asYOUTUBE_API_KEY. Get one at console.cloud.google.com.
Usage Guidance
This skill is mostly a runbook for an external pipeline rather than a self-contained implementation. Before using it: 1) Do not clone or run an unknown repository — the SKILL.md points to a placeholder repo. Ask the author for the exact repo URL and a commit/tag and verify the code (pipeline.py) yourself. 2) Audit the external pipeline.py and any scripts for network calls, file access, or credential usage before executing. 3) Decide whether to enable the agent to run the pipeline autonomously — the pipeline will execute commands (yt-dlp, ffmpeg) and download content. 4) Be careful with the optional YouTube API key: only supply it if you trust the code and only for --viral. 5) Resolve the contradictory error-handling guidance: ensure errors are sanitized before presenting them to avoid leaking local paths or secrets. 6) If you cannot review the external scripts, do not run them on sensitive hosts; use an isolated environment or container. If the author provides a canonical repository and release with checksums, re-run this evaluation with that repo included.
Capability Analysis
Type: OpenClaw Skill
Name: ai-hookbot
Version: 1.0.2
The skill bundle facilitates video processing but introduces a high-risk shell injection vulnerability by instructing the AI agent to pass user-provided inputs (like creator URLs and file paths) directly into a command-line execution string in SKILL.md. It also relies on an external, unverified repository (placeholder 'hookbot-scripts') for its core logic (pipeline.py). While it includes some security-conscious instructions like limiting environment variables, the instruction to relay error output 'verbatim' for debugging could potentially leak sensitive system information if the previous sanitization step is bypassed.
Capability Assessment
Purpose & Capability
The name/description (scrape Shorts, trim, stitch CTA) aligns with the runtime instructions (use yt-dlp + ffmpeg and run pipeline.py). However, no pipeline scripts are included in the skill bundle — the SKILL.md requires you to clone an external repository (placeholder URL) or provide your own pipeline.py. That makes the skill a set of instructions that rely on outside code the user must obtain and trust.
Instruction Scope
Instructions are concrete (install yt-dlp/ffmpeg, set HOOKBOT_* env vars, run pipeline.py via an exec). They avoid broad system interrogation (explicitly say not to source shell rc), which is good. However there is a clear contradiction: Workflow step 4 says to 'sanitize error output before relaying — strip file paths and env var values', while Notes later say 'If the pipeline errors, relay the error output to the user verbatim so they can debug.' This inconsistency could lead to accidental disclosure of local paths/credentials. Also the instructions expect the agent to run external code (pipeline.py) which could perform any file/network actions beyond what's described.
Install Mechanism
This is an instruction-only skill (no install spec), which is low surface risk, but it asks the user/agent to pip-install yt-dlp and use system ffmpeg and to git-clone a repo at https://github.com/YOUR_REPO/hookbot-scripts — that URL is a placeholder and the actual repository is not provided. Asking users to clone/run external, unspecified scripts increases risk: those scripts will run on the user's machine and could contain harmful behavior. There is no checksum, canonical repo, or packaged code included for review.
Credentials
The skill declares no required env vars and the supplied config.example.env contains only local-path settings and an optional YOUTUBE_API_KEY for the --viral flag. That is proportionate to the task. Still, because the skill instructs relaying pipeline error output, there's an elevated risk that local paths or API keys could be accidentally revealed unless the sanitization instruction is followed (and the SKILL.md contradiction is resolved).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not require persistent or privileged system presence. It only instructs running external scripts and binaries when invoked, which is normal for a runtime pipeline.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ai-hookbot - After installation, invoke the skill by name or use
/ai-hookbot - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Republish
v1.0.1
Security: removed shell RC sourcing, explicit env var passing only, sanitize error output before relay
v1.0.0
Initial release — scrape viral YouTube Shorts hooks and stitch with your CTA video
Metadata
Frequently Asked Questions
What is AI Hookbot?
Scrape viral hooks from YouTube Shorts creators and stitch them with a CTA video to produce ready-to-post TikTok/Reels/Shorts content. Use when asked to make... It is an AI Agent Skill for Claude Code / OpenClaw, with 301 downloads so far.
How do I install AI Hookbot?
Run "/install ai-hookbot" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is AI Hookbot free?
Yes, AI Hookbot is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does AI Hookbot support?
AI Hookbot is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created AI Hookbot?
It is built and maintained by jean-maradiaga (@jean-maradiaga); the current version is v1.0.2.
More Skills