openclawrr

openlens-skill

Author: openclawrr · GitHub · v1.0.7
cross-platform ⚠ suspicious
Total downloads: 420
Favorites: 0
Current installs: 0
Versions: 7
Install in OpenClaw
/install openlens-skill
Description
Minimalist AI video generation portal offering prompt refinement, image-to-video conversion, local saving, streaming downloads, and both GUI and CLI access.
Security usage advice
Do not install or run this skill as-is. Key issues to address before use:
- Replace/remove the bundled config.json: it contains bearer-style API keys; treat them as compromised. If you find these keys are valid, rotate them immediately at the provider and do not reuse them.
- Inspect and do not execute publish.sh or any publishing automation unless you understand and intend to push this repository; publish.sh contains an absolute path and will attempt to push to GitHub/ClawHub.
- Before running, create your own config.json (or delete the included one), set your API endpoints/keys locally, and keep the file out of any public repo (.gitignore is referenced but verify). Use principle of least privilege for API keys.
- Run setup.sh only after reviewing it (it creates a venv and installs requirements — safe but confirm network/package choices). Run Streamlit/CLI in an isolated environment.
- If you want to install the skill into a shared agent, ensure the agent's environment does not use the embedded config.json and that keys are provided via secure agent config or parameterized invocation rather than included files.
Summary: functionality matches the description, but embedded secrets and publishing scripts are disproportionate and risky. Clean or remove those artifacts and rotate any possibly exposed keys before using.
Functional analysis
Type: OpenClaw Skill
Name: openlens-skill
Version: 1.0.7
The OpenLens skill's core functionality is benign, designed for AI image/video generation and local file saving. However, the `config.json` file within the bundle contains a live API key (`sk-px-97d6f29fb4c79b6f21b7ae000d9dab669a4fa1ab`). This constitutes a critical credential exposure vulnerability, despite documentation (`CHANGELOG.md`, `RELEASE-v1.0.7.md`) indicating the developer's intent to protect such keys. The code itself uses this key for its stated purpose and does not exhibit malicious intent like exfiltration or unauthorized actions, but the exposure of a live credential warrants a 'suspicious' classification.
Capability assessment
Purpose & Capability
The code (skill_main.py, cli.py, app.py, openlens-web/) implements T2I/T2V/I2V/V2V and a Streamlit GUI exactly as described; network calls and local saving behavior are coherent with the stated purpose. However, the repository includes a populated config.json containing API keys, which contradicts the SKILL.md guidance that users should put their own credentials into config.json and suggests the bundle was published with secrets embedded—this is not necessary for the stated purpose and is disproportionate.
Instruction Scope
SKILL.md instructs running the GUI/CLI and editing config.json for API credentials, which matches the code. But runtime files include actions beyond simple generation: a publish.sh that changes directories to an absolute user path and performs git push/clawhub publish, and GitHub Actions publish.yml. While these scripts are inert unless executed, they give the skill the capability to push code or trigger remote publication if run. The code itself reads/writes only local config.json and outputs/, but the included publish utilities and hard-coded config file expand scope unexpectedly.
Install Mechanism
There is no remote download or package-install step in the manifest; setup.sh uses standard venv + pip and requirements.txt. No extraction from arbitrary URLs or unusual install locations is present. This is a low-risk, typical local Python install mechanism.
Credentials
The skill declares no required environment variables, which is consistent, but the repository contains a config.json with populated API keys (video_api_key and text_api_key appear as bearer tokens). Bundling credentials inside the skill package is disproportionate and dangerous: it exposes secrets to anyone with the package and encourages reuse of embedded credentials. The tool_definition and code expect a user-supplied API key parameter, so embedding keys is unnecessary and inconsistent with least privilege.
Persistence & Privilege
The manifest does not request persistent or elevated privileges (always:false). The skill does not modify other skills or global configs. That said, included scripts (publish.sh and publish.yml) are able to push to GitHub / ClawHub when executed and publish.sh references an absolute workspace path (/Users/clawdbot/.openclaw/workspace/openlens-skill), which could cause accidental repository leakage if run in a different environment or by an automated process—this increases blast radius if a user executes the script without review.
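How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openlens-skill
  3. Once installation completes, call the Skill by name or use /openlens-skill to trigger it
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history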
v1.0.7
- Added changelog and release notes files for version 1.0.7.
- Introduced config.json for easier API setup.
- New video outputs saved in the outputs directory.
v1.0.6
- Initial release of openlens-skill version 1.0.6.
- Added main skill logic (skill_main.py).
- Introduced configuration example (config.example.json).
- Added web app backend with requirements (openlens-web/app.py, openlens-web/requirements.txt).
- Included documentation (openlens-web/README.md, tool_definition.json).
v1.0.5
- Updated app.py and manifest.json for version 1.0.5.
- No changes to user-facing documentation (SKILL.md content remains the same).
- General improvements or fixes included in app.py and manifest.json.
v1.0.4
Version 1.0.4 of openlens-skill
- No changes were detected in this version.
- SKILL.md and all other files remain unchanged.
v1.0.2
- Removed the sample config.json file from the repository.
- Updated SKILL.md to use placeholder values in the configuration example for increased privacy and security.
v1.0.1
- Added configuration and publishing files: config.json, config.toml, publish.sh, and publish.yml.
- Improved setup for configuration management and deployment workflows.
v1.0.0
OpenLens Skill 1.0.0 – Minimalist AI Video Generation Portal
- Provides a transparent pass-through interface to private video APIs with no content filtering.
- Supports both GUI (Streamlit) and CLI operation modes.
- Features include LLM-based prompt refinement, image-to-video generation, auto-download and streaming of large videos, and configurable local output.
- Allows manual API setup with OpenAI-style /v1/video/generations protocol compatibility.
- Includes robust async polling, age verification gate (18+), and CLI automation support.
- No safety middleware; fully user-controlled configuration and content.
Metadata
Slug: openlens-skill
Version: 1.0.7
License:
Total installs: 0
Current installs: 0
Number of versions: 7
FAQ

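What is openlens-skill?

Minimalist AI video generation portal offering prompt refinement, image-to-video conversion, local saving, streaming downloads, and both GUI and CLI access. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 420 total downloads so far.

How do I install openlens-skill?

Run the command "/install openlens-skill" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is openlens-skill free?

Yes, openlens-skill is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does openlens-skill support?

openlens-skill runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed openlens-skill?

Developed and maintained by openclawrr (@openclawrr); the current version is v1.0.7.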
