← 返回 Skills 市场
AI Hookbot
作者
jean-maradiaga
· GitHub ↗
· v1.0.2
· MIT-0
301
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install ai-hookbot
功能描述
Scrape viral hooks from YouTube Shorts creators and stitch them with a CTA video to produce ready-to-post TikTok/Reels/Shorts content. Use when asked to make...
使用说明 (SKILL.md)
AI Hookbot
Runs the Hookbot pipeline: scrapes YouTube Shorts hooks from a creator's channel, trims them, and stitches each with your CTA video to produce ready-to-post vertical content.
Setup
1. Install dependencies
pip install yt-dlp
brew install ffmpeg # macOS; or apt install ffmpeg on Linux
2. Clone the pipeline scripts
git clone https://github.com/YOUR_REPO/hookbot-scripts ~/hookbot
Or place
pipeline.pyand related scripts in any directory — just setHOOKBOT_SCRIPTS_DIRbelow.
3. Configure environment variables
Copy config.example.env, fill in your paths, and either source it or add it to your shell profile:
cp config.example.env ~/.hookbot.env
# edit ~/.hookbot.env
source ~/.hookbot.env
| Variable | Description | Default |
|---|---|---|
HOOKBOT_SCRIPTS_DIR |
Directory containing pipeline.py |
~/hookbot |
HOOKBOT_CTA_DIR |
Default folder to look for CTA videos | ~/hookbot/cta |
HOOKBOT_YTDLP_PATH |
Path to yt-dlp binary |
yt-dlp (assumes in PATH) |
HOOKBOT_FFMPEG_PATH |
Path to ffmpeg binary |
ffmpeg (assumes in PATH) |
YOUTUBE_API_KEY |
YouTube Data API v3 key (only needed for --viral) |
(optional) |
Workflow
-
Parse the user's request to extract:
creator_url— YouTube Shorts URL (e.g.https://www.youtube.com/@ZackD/shorts). If only a handle/name is given, construct the URL.cta_video— Path to CTA video. If only a filename is given, resolve against$HOOKBOT_CTA_DIR. If not specified, prompt the user.count— Number of hooks (default: 10)hook_duration— Seconds to grab from each hook (default: 3.0)output_dir— Where to save final videos (default:./outputrelative to$HOOKBOT_SCRIPTS_DIR)
-
Resolve paths from environment variables (fall back to defaults if unset):
SCRIPTS_DIR="${HOOKBOT_SCRIPTS_DIR:-~/hookbot}"
CTA_DIR="${HOOKBOT_CTA_DIR:-~/hookbot/cta}"
YTDLP="${HOOKBOT_YTDLP_PATH:-yt-dlp}"
FFMPEG="${HOOKBOT_FFMPEG_PATH:-ffmpeg}"
- Run the pipeline via
exec, passing only the required env vars explicitly (do NOT source~/.zshrcor any shell RC file):
cd "$SCRIPTS_DIR" && \
YTDLP_PATH="$YTDLP" \
FFMPEG_PATH="$FFMPEG" \
YOUTUBE_API_KEY="${YOUTUBE_API_KEY:-}" \
python3 pipeline.py "\x3Ccreator_url>" "\x3Ccta_video>" \
--count \x3Ccount> \
--hook-duration \x3Chook_duration> \
--output \x3Coutput_dir> \
[--viral]
Add --viral when the user wants hooks sorted by view count (requires YOUTUBE_API_KEY). Default pulls most recent Shorts.
- Report back a summary:
- How many hooks were scraped
- How many final videos were created
- Output directory path
- Any failures (sanitize error output before relaying — strip file paths and env var values)
Prompting for Missing Info
- CTA video not specified: Ask "Which CTA video should I use?" then list
.mp4files in$HOOKBOT_CTA_DIR. - Creator not specified: Ask for the YouTube channel handle or Shorts URL.
HOOKBOT_SCRIPTS_DIRnot set / pipeline.py not found: Tell the user to set the env var and point it to the scripts directory.
Example Invocations
- "Make me 10 hooks from @ZackD with MyCTA.mp4"
- "Scrape 5 hooks from youtube.com/@SomeCreator/shorts using my furniture CTA"
- "Run hookbot on @MrBeast, 3 second hooks, 15 videos, viral sort"
- "Make hooks from @PeterMcKinnon"
Notes
- Output videos are 9:16 vertical (1080×1920), normalized automatically.
- Temp files are cleaned up automatically by the pipeline.
- A
manifest.jsonis saved in the output directory with metadata. - If the pipeline errors, relay the error output to the user verbatim so they can debug.
--viralflag requires a YouTube Data API v3 key set asYOUTUBE_API_KEY. Get one at console.cloud.google.com.
安全使用建议
This skill is mostly a runbook for an external pipeline rather than a self-contained implementation. Before using it: 1) Do not clone or run an unknown repository — the SKILL.md points to a placeholder repo. Ask the author for the exact repo URL and a commit/tag and verify the code (pipeline.py) yourself. 2) Audit the external pipeline.py and any scripts for network calls, file access, or credential usage before executing. 3) Decide whether to enable the agent to run the pipeline autonomously — the pipeline will execute commands (yt-dlp, ffmpeg) and download content. 4) Be careful with the optional YouTube API key: only supply it if you trust the code and only for --viral. 5) Resolve the contradictory error-handling guidance: ensure errors are sanitized before presenting them to avoid leaking local paths or secrets. 6) If you cannot review the external scripts, do not run them on sensitive hosts; use an isolated environment or container. If the author provides a canonical repository and release with checksums, re-run this evaluation with that repo included.
功能分析
Type: OpenClaw Skill
Name: ai-hookbot
Version: 1.0.2
The skill bundle facilitates video processing but introduces a high-risk shell injection vulnerability by instructing the AI agent to pass user-provided inputs (like creator URLs and file paths) directly into a command-line execution string in SKILL.md. It also relies on an external, unverified repository (placeholder 'hookbot-scripts') for its core logic (pipeline.py). While it includes some security-conscious instructions like limiting environment variables, the instruction to relay error output 'verbatim' for debugging could potentially leak sensitive system information if the previous sanitization step is bypassed.
能力评估
Purpose & Capability
The name/description (scrape Shorts, trim, stitch CTA) aligns with the runtime instructions (use yt-dlp + ffmpeg and run pipeline.py). However, no pipeline scripts are included in the skill bundle — the SKILL.md requires you to clone an external repository (placeholder URL) or provide your own pipeline.py. That makes the skill a set of instructions that rely on outside code the user must obtain and trust.
Instruction Scope
Instructions are concrete (install yt-dlp/ffmpeg, set HOOKBOT_* env vars, run pipeline.py via an exec). They avoid broad system interrogation (explicitly say not to source shell rc), which is good. However there is a clear contradiction: Workflow step 4 says to 'sanitize error output before relaying — strip file paths and env var values', while Notes later say 'If the pipeline errors, relay the error output to the user verbatim so they can debug.' This inconsistency could lead to accidental disclosure of local paths/credentials. Also the instructions expect the agent to run external code (pipeline.py) which could perform any file/network actions beyond what's described.
Install Mechanism
This is an instruction-only skill (no install spec), which is low surface risk, but it asks the user/agent to pip-install yt-dlp and use system ffmpeg and to git-clone a repo at https://github.com/YOUR_REPO/hookbot-scripts — that URL is a placeholder and the actual repository is not provided. Asking users to clone/run external, unspecified scripts increases risk: those scripts will run on the user's machine and could contain harmful behavior. There is no checksum, canonical repo, or packaged code included for review.
Credentials
The skill declares no required env vars and the supplied config.example.env contains only local-path settings and an optional YOUTUBE_API_KEY for the --viral flag. That is proportionate to the task. Still, because the skill instructs relaying pipeline error output, there's an elevated risk that local paths or API keys could be accidentally revealed unless the sanitization instruction is followed (and the SKILL.md contradiction is resolved).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not require persistent or privileged system presence. It only instructs running external scripts and binaries when invoked, which is normal for a runtime pipeline.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ai-hookbot - 安装完成后,直接呼叫该 Skill 的名称或使用
/ai-hookbot触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Republish
v1.0.1
Security: removed shell RC sourcing, explicit env var passing only, sanitize error output before relay
v1.0.0
Initial release — scrape viral YouTube Shorts hooks and stitch with your CTA video
元数据
常见问题
AI Hookbot 是什么?
Scrape viral hooks from YouTube Shorts creators and stitch them with a CTA video to produce ready-to-post TikTok/Reels/Shorts content. Use when asked to make... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 301 次。
如何安装 AI Hookbot?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ai-hookbot」即可一键安装,无需额外配置。
AI Hookbot 是免费的吗?
是的,AI Hookbot 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
AI Hookbot 支持哪些平台?
AI Hookbot 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 AI Hookbot?
由 jean-maradiaga(@jean-maradiaga)开发并维护,当前版本 v1.0.2。
推荐 Skills