← Back to Skills Marketplace

小剪刀视频剪辑

Name: 小剪刀视频剪辑
Author: guyuxiu

by xjd · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

111

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install xiaojiandao

Description

小剪刀AI视频剪辑skill。

Usage Guidance

This skill implements the expected video-editing flow but has several red flags you should consider before installing: (1) It requires a service token (appsecret/XJD_TOKEN) but does not declare it in the registry; the SKILL.md instructs the agent to ask you to paste the token into chat — do NOT paste long-lived or sensitive tokens into a chat. Prefer setting XJD_TOKEN as an environment variable in a controlled environment. (2) The code will upload your video/audio to external services (biyi.cxtfun.com and api-cutflow.fun.tv) and will send the token in request headers; only use with content you are comfortable sending to those domains. (3) The package relies on Python libraries (requests, pycryptodome) not declared in metadata — ensure dependencies are managed in an isolated environment. (4) If you decide to proceed, create a limited-scope or short-lived token (if possible), test with non-sensitive sample videos, and review the endpoints and AES-key mapping in crypto.py to confirm they match the official service. If you need the skill but want tighter safety, ask the author to (a) declare required env vars (XJD_TOKEN), (b) remove the instruction to paste tokens in chat, and (c) declare/install runtime dependencies.

Capability Analysis

Type: OpenClaw Skill Name: xiaojiandao Version: 1.0.1 The skill bundle is a comprehensive integration for the 'Xiao Jian Dao' (小剪刀) AI video editing platform. It provides tools for video uploading, OCR-based subtitle extraction, AI-generated commentary, and final video composition using scripts like bridge.py, oss_upload.py, and subtitle_ocr.py. While the client.py script collects system telemetry (OS, CPU model, and architecture) and crypto.py uses hardcoded AES keys for API communication with biyi.cxtfun.com and api-cutflow.fun.tv, these behaviors appear aligned with the service's operational requirements and do not exhibit signs of malicious intent, data exfiltration, or unauthorized command execution.

Capability Tags

crypto

Capability Assessment

ℹ Purpose & Capability

Files and SKILL.md implement a video upload, OCR, ASR, clipping, TTS and final compose workflow calling biyi.cxtfun.com and api-cutflow.fun.tv — this aligns with the 'video editing' purpose. However the skill metadata declares no required env vars or primary credential while the code and runtime instructions clearly rely on a user token (XJD_TOKEN / appsecret). That mismatch (no declared credential but runtime token usage) is unexpected.

⚠ Instruction Scope

The SKILL.md explicitly instructs the agent to prompt the user to paste their '小剪刀 Token' directly into the conversation if no env var is set. It also instructs sending video files/URLs to external services and returning signed OSS URLs. Asking users to provide secrets in-chat and guiding the agent to accept them expands the skill's scope into credential collection/exfiltration — behavior beyond simple editing. The instructions also permit storing token in environment variable but don't require it or restrict how the token is handled.

ℹ Install Mechanism

There is no install spec (instruction-only style), which minimizes install-time risk. But the bundle includes Python modules that depend on third-party packages (requests, pycryptodome) that are not declared in the skill metadata or SKILL.md. Running the skill will therefore require installing these dependencies on the host, which the metadata does not warn about.

⚠ Credentials

The code requires a service token (used as appsecret/X-API-Token) but the skill's declared required env vars is empty. The SKILL.md encourages direct in-chat token entry and also suggests using XJD_TOKEN for persistent use — requesting a credential but not declaring it is disproportionate and increases accidental exposure risk. The skill will send uploaded video/audio/subtitle data and the token to remote endpoints (biyi.cxtfun.com, api-cutflow.fun.tv), which users should expect but may not realize from the registry metadata.

✓ Persistence & Privilege

The skill does not request always:true and is user-invocable; it does not try to modify other skills or system-wide configuration. Autonomous invocation is allowed by default but is not combined with other elevated privileges in the manifest.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install xiaojiandao
After installation, invoke the skill by name or use /xiaojiandao
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

xiaojiandao 1.0.1 - No code or documentation changes detected in this version. - No new features, fixes, or updates introduced.

v1.0.0

xiaojiandao 1.0.0 - 全新发布：AI驱动的视频剪辑与解说 skill，每一步均需用户确认确保结果满意。 - 支持视频上传、AI风格剪辑、剧本生成、AI解说、音色与BGM推荐、配音及最终合成，全部分步交互。 - 增加显式用户确认点，并在关键步骤中展示中间结果，保证流程透明可控。 - 支持通过对话或环境变量灵活提交和更新 Token，详细引导 Token 失效处理流程。 - 支持 Markdown 格式返回视频链接，方便播放和分享。 - 明确每一步调用底层 bridge.py 命令，方便排查和二次开发。

Metadata

Slug xiaojiandao

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is 小剪刀视频剪辑?

小剪刀AI视频剪辑skill。 It is an AI Agent Skill for Claude Code / OpenClaw, with 111 downloads so far.

How do I install 小剪刀视频剪辑?

Run "/install xiaojiandao" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 小剪刀视频剪辑 free?

Yes, 小剪刀视频剪辑 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 小剪刀视频剪辑 support?

小剪刀视频剪辑 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 小剪刀视频剪辑?

It is built and maintained by xjd (@guyuxiu); the current version is v1.0.1.

More Skills