← 返回 Skills 市场

cutmv

Name: cutmv
Author: qiaotucodes

作者魏然 · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

471

总下载

当前安装

版本数

在 OpenClaw 中安装

/install cutmv

功能描述

Video processing tool using FFmpeg for cutting, format conversion, compression, frame/audio extraction, watermarking, and subtitle addition.

使用说明 (SKILL.md)

SKILL.md - cutmv Video Tool

Skill Name

cutmv-video-tool

Description

A video processing skill for OpenClaw that leverages FFmpeg to perform video/audio cutting, format conversion, and compression. Perfect for handling video files for messaging apps with file size limits.

Capabilities

Video Cutting: Split video/audio by time range
Format Conversion: Convert between video/audio formats (mp4, avi, mp3, wav, etc.)
Video Compression: Compress videos with adjustable bitrate
Frame Extraction: Extract frames from videos at specified intervals
Audio Extraction: Extract audio track from video
Audio Replacement: Replace or mix audio in video
Text Watermark: Add text overlay on video (requires freetype)
Subtitle: Add .srt/.ass subtitle files to video

Use Cases

Compress videos to send via WeChat/Lark/Telegram (16MB limit)
Extract screenshots from videos for analysis
Convert video formats for different platforms
Cut specific segments from long videos

Requirements

System Requirements

FFmpeg installed and available in PATH
Python 3.7+

Python Dependencies

None (uses subprocess to call ffmpeg)

Installation

Ensure FFmpeg is installed on your system:
- macOS: brew install ffmpeg
- Ubuntu: sudo apt install ffmpeg
- Windows: Download from ffmpeg.org or winget install ffmpeg

Place the skill files in your workspace:

~/openclaw-workspace/skills/cutmv-video-tool/
├── SKILL.md
├── skill.py
├── README.md
└── README-CN.md

Usage

Python API

from skill import VideoTool

tool = VideoTool()

# Compress video for messaging
tool.compress("input.mp4", "output.mp4", bitrate="1000k")

# Cut video segment
tool.cut("input.mp4", "clip.mp4", start_time=30, end_time=90)

# Convert format
tool.convert("input.mp4", "output.avi", "avi")

# Extract frames every 10 seconds
tool.extract_frames("input.mp4", "./frames/", interval=10)

CLI Usage

# Compress video
python skill.py compress input.mp4 output.mp4 1000k

# Cut video
python skill.py cut input.mp4 clip.mp4 0 60

# Convert format
python skill.py convert input.mp4 output.mp3 mp3

Configuration

No additional configuration required. The skill uses system FFmpeg installation.

Testing

Run the built-in tests:

python skill.py test

License

MIT License

Author

Isaac (@QiaoTuCodes)

Acknowledgments

OpenClaw team for the platform
FFmpeg team for media processing tools

Author Identity: yanyan@3c3d77679723a2fe95d3faf9d2c2e5a65559acbc97fef1ef37783514a80ae453

安全使用建议

This skill appears to do what it claims (video ops via FFmpeg), but check these before installing: - Verify FFmpeg/ffprobe are required: SKILL.md and code require ffmpeg on PATH even though the registry metadata omits it. Ensure you have FFmpeg installed from a trusted source. - Review the code locally (skill.py) before running. There is use of eval() when parsing ffprobe output — that is a potential code-injection risk if input metadata is malicious. If you will process untrusted files, either sandbox execution or patch the code to avoid eval (e.g., parse the fraction safely). - Confirm provenance: source/homepage is unknown. Prefer skills with a verifiable repository or maintainer identity. The README references a GitHub repo and authors; validate those links and signatures if possible. - Run the tests and the CLI in a safe environment (sandbox or VM) to observe behavior: python skill.py test and sample operations on harmless media files. - If you need tighter security, request the author to (1) update registry metadata to list ffmpeg/ffprobe as required binaries, (2) remove eval and handle ffprobe output safely, and (3) provide a canonical source/repo for review. Given these issues, proceed with caution. The problems look like sloppy metadata and one unsafe code pattern rather than clear malicious intent, hence 'suspicious' with medium confidence.

功能分析

Type: OpenClaw Skill Name: cutmv Version: 1.0.0 The `skill.py` file contains a critical Remote Code Execution (RCE) vulnerability. The `get_video_info` function uses `eval()` on the `r_frame_rate` value extracted from video metadata via `ffprobe`. An attacker could craft a malicious video file whose metadata contains arbitrary Python code, leading to its execution. Additionally, the `add_subtitle` and `add_text_watermark` functions are vulnerable to command injection, as user-controlled `subtitle_file`, `style`, and `text` arguments are embedded into FFmpeg filter strings without robust sanitization, potentially allowing arbitrary FFmpeg commands or filter-based exploits.

能力评估

⚠ Purpose & Capability

The skill's name, README, SKILL.md, and code all describe an FFmpeg-based video tool, which is coherent. However the registry metadata claims no required binaries/configs while SKILL.md and skill.py clearly require FFmpeg and ffprobe on PATH — the declared requirements are incomplete. The source/homepage is 'unknown' even though README references a GitHub repo URL, so provenance is unclear.

ℹ Instruction Scope

SKILL.md stays within the expected scope (running ffmpeg/ffprobe via skill.py). It does not instruct reading unrelated system files or using external endpoints. The runtime uses subprocess with argument lists (no shell=True), which is safer. However skill.py uses eval(...) when parsing ffprobe's r_frame_rate which is an unsafe pattern if ffprobe output can be tampered with or if untrusted metadata is processed.

✓ Install Mechanism

No install spec (instruction-only plus a Python file) — lowest install risk. The skill relies on a system FFmpeg/ffprobe installation as documented in SKILL.md rather than pulling arbitrary code from the network during install.

⚠ Credentials

The skill declares no required environment variables or credentials, which is appropriate. But it fails to declare the required system binaries (ffmpeg/ffprobe) in the registry metadata — an omission that underreports the actual external dependency. There are no requests for unrelated secrets or config paths.

✓ Persistence & Privilege

The skill does not request persistent privileges (always:false) and does not modify other skills or system settings. Autonomous invocation is allowed (default) but that's normal for skills and not combined with other high-risk factors here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install cutmv
安装完成后，直接呼叫该 Skill 的名称或使用 /cutmv 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

cutmv-video-tool 1.0.0 initial release: - Provides video and audio processing features powered by FFmpeg. - Supports video cutting, format conversion, and video compression. - Can extract frames or audio from video, and replace or mix audio tracks. - Adds text watermarks and subtitle files to videos. - Usable as both a Python API and a CLI tool, with no external Python dependencies required.

元数据

Slug cutmv

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

cutmv 是什么？

Video processing tool using FFmpeg for cutting, format conversion, compression, frame/audio extraction, watermarking, and subtitle addition. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 471 次。

如何安装 cutmv？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cutmv」即可一键安装，无需额外配置。

cutmv 是免费的吗？

是的，cutmv 完全免费（开源免费），可自由下载、安装和使用。

cutmv 支持哪些平台？

cutmv 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 cutmv？

由魏然（@qiaotucodes）开发并维护，当前版本 v1.0.0。