← 返回 Skills 市场
romainsimon

Melies

作者 Romain SIMON · GitHub ↗ · v2.1.0 · MIT-0
cross-platform ⚠ suspicious
262
总下载
1
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install melies
功能描述
AI filmmaking CLI with 148 built-in actors, 98 visual styles, and smart model selection. Generate images, videos, posters, and thumbnails without prompt engi...
安全使用建议
This skill appears to do what it says: a CLI that talks to melies.co. Before installing, confirm you trust the melies npm package and the melies.co domain. Be aware the CLI saves your API token to ~/.melies/config.json and will open a browser and run a short-lived localhost server during the login flow — both are standard but mean the token is stored locally. Only provide a token with the minimum needed permissions and do not set MELIES_API_URL to an untrusted host (changing it could redirect your token/requests). If you need stronger assurance, review the package source on the upstream repo and install from a verified registry account.
功能分析
Type: OpenClaw Skill Name: melies Version: 2.1.0 The Melies CLI skill bundle is classified as suspicious due to significant security vulnerabilities that could be exploited via prompt injection. Specifically, the login command in src/commands/login.ts (and the compiled dist/index.js) is vulnerable to shell injection because it incorporates the MELIES_API_URL environment variable into a child_process.exec call without sanitization. Additionally, multiple commands including image, video, and pipeline (src/commands/image.ts, src/commands/video.ts, src/commands/pipeline.ts) allow arbitrary file writes via the --output flag without path validation, potentially enabling the overwriting of sensitive system files. While these appear to be unintentional vulnerabilities rather than intentional malware, they pose a high risk in an autonomous agent environment.
能力评估
Purpose & Capability
Name/description (AI filmmaking CLI) match the code, SKILL.md, and package.json. Requested binaries (melies), declared config path (~/.melies/config.json), and env vars (MELIES_TOKEN, MELIES_API_URL) are appropriate for a networked CLI that authenticates to melies.co. The node/npm install of the 'melies' package is proportionate.
Instruction Scope
SKILL.md and the code instruct normal CLI operations: npm install, melies login (browser flow or token), generation commands, and optional --sync/--dry-run. Runtime code starts a local HTTP listener to receive an auth callback and opens a browser (child_process.exec) — this is common for CLI OAuth flows but worth noting. The CLI reads/writes only its declared config file (~/.melies/config.json) and calls the melies API; it does not attempt to read other system files or unrelated credentials.
Install Mechanism
Install spec is a published Node package ('melies') that creates the 'melies' binary. No downloads from ad-hoc URLs or archive extraction is used. The package.json and built/dist files are present and consistent with the SKILL.md.
Credentials
Only MELIES_TOKEN (primary credential) and MELIES_API_URL are required — reasonable for an API-backed CLI. One caution: MELIES_API_URL (and the config file) can be overridden; if pointed to a malicious endpoint, a token could be sent to an attacker-controlled server. Ensure you only set MELIES_API_URL to trusted endpoints and use tokens with appropriate scope/limits.
Persistence & Privilege
The skill does not request always:true and uses normal autonomous invocation. It stores its own token to ~/.melies/config.json (consistent with a CLI) and does not modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install melies
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /melies 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.1.0
- Added browser-based login: run `melies login` to authenticate via browser (no token required). - Updated authentication instructions in documentation for clarity and multiple login methods. - Refactored login command to support browser auth and streamline token usage. - Improved DX for CI and agents (token now consistent as CLI flag or env var). - Minor documentation updates for commands and options.
v2.0.0
**Major update – skill expanded with actor presets, style flags, and new creative pipelines** - Added 148 built-in AI actors and 98 visual styles; use --actor, --art-style, --lighting, --mood flags instead of detailed prompt engineering. - Introduced thumbnail, pipeline, upscale, and remove-bg commands for streamlined creative tasks. - Smart model selection with `--fast`, `--quality`, and `--best` presets; model overrides still supported. - Visual style and camera/lens attribute flags now available for more cinematic control. - New commands: melies actors, melies styles, melies pipeline, melies thumbnail, melies remove-bg, melies upscale. - Comprehensive CLI documentation updated; poster, image, and video commands enhanced for natural language and style-flag input.
v1.1.1
- Added MELIES_API_URL as a required environment variable in metadata. - Listed ~/.melies/config.json as a config file in metadata. - Version bumped from 1.1.0 to 1.1.1.
v1.1.0
Melies 1.1.0 Changelog - Added detailed documentation (SKILL.md) covering installation, authentication, and CLI command usage. - Enhanced CLI support for image, video, and movie poster generation using 50+ models. - Introduced new features: style transfer, image-to-video, and consistent character/object references with `melies ref`. - Improved workflows for filmmakers and content creators: batch generation, YouTube thumbnails, and asset management. - Clarified authentication methods and options for both API token and email/password logins. - Provided usage examples and best practices for common generation pipelines.
元数据
Slug melies
版本 2.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 4
常见问题

Melies 是什么?

AI filmmaking CLI with 148 built-in actors, 98 visual styles, and smart model selection. Generate images, videos, posters, and thumbnails without prompt engi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 262 次。

如何安装 Melies?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install melies」即可一键安装,无需额外配置。

Melies 是免费的吗?

是的,Melies 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Melies 支持哪些平台?

Melies 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Melies?

由 Romain SIMON(@romainsimon)开发并维护,当前版本 v2.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论