← 返回 Skills 市场
241
总下载
0
收藏
0
当前安装
12
版本数
在 OpenClaw 中安装
/install pixcli
功能描述
Creative toolkit for AI agents — generate images, videos, voiceover, music, and sound effects, then assemble polished output via Remotion. Uses the pixcli CL...
安全使用建议
This skill is coherent with its stated purpose, but review these before installing: 1) Only provide a PIXCLI_API_KEY you trust and scope it where possible; avoid using high-privilege or long-lived keys if you can. 2) Ask the publisher why README mentions OPENROUTER_API_KEY ( undocumented fallback ) and confirm whether your environment must set it. 3) Verify the 'pixcli' npm package and the homepage (https://pixcli.shellbot.sh / GitHub repo) yourself — npx will fetch and execute code from npm on first run. 4) Be cautious about allowing the agent to change --api-url or --key flags (these can redirect traffic to arbitrary endpoints). If you rely on this skill in an automated agent, prefer least-privilege keys and monitor network activity and usage billing.
功能分析
Type: OpenClaw Skill
Name: pixcli
Version: 2.3.10
The pixcli skill bundle provides a comprehensive toolkit for AI agents to generate and assemble media, but it is classified as suspicious due to high-risk capabilities and a broad attack surface. It requires extensive shell permissions with wildcards for commands like `cp`, `mkdir`, and `pixcli`, and relies on `npx` to download and execute code from npm at runtime. Furthermore, the `SKILL.md` instructions explicitly direct the agent to parse and execute `check_command` strings returned by the remote API (https://pixcli.shellbot.sh), which could be leveraged for remote command injection if the service were compromised. While these behaviors are plausibly necessary for the stated purpose of video production and asset management, they exceed the threshold for a benign classification.
能力标签
能力评估
Purpose & Capability
Name, description, required binaries (node, npx), declared primary credential (PIXCLI_API_KEY), and the included Remotion templates all match the stated purpose of generating media and assembling video. Bundled template package.json files and Remotion code are directly relevant to the described functionality.
Instruction Scope
SKILL.md clearly scopes agent actions to running 'npx --yes pixcli' and 'npx remotion' plus installing declared template deps (npm install inside copied template directories). That scope is reasonable. Two minor issues: 1) README refers to OPENROUTER_API_KEY as a fallback environment variable but that variable is not declared in requires.env; 2) SKILL.md repeatedly asserts there is 'no arbitrary npx' or 'no node <script>' but running 'npx' still executes code from npm packages (intended here for pixcli/remotion). These are not necessarily malicious but are scope-related inconsistencies you may want clarified.
Install Mechanism
There is no automatic install spec; runtime behavior relies on npx to fetch the published 'pixcli' package and on npm to install declared deps in template directories. Using npm/npx is expected for this kind of CLI. Note: npx executes remote package code on first run (standard behavior), so trust of the npm package and registry is the relevant risk surface.
Credentials
The skill requests a single primary credential (PIXCLI_API_KEY), which fits the stated API usage. However, README mentions OPENROUTER_API_KEY as a fallback (not declared in requires.env), and the CLI exposes --api-url and --key flags that allow overriding endpoints/keys. Those capabilities are reasonable for debugging, but they increase the attack surface if an agent is allowed to set arbitrary api-url/keys — an attacker-controlled endpoint could be used to exfiltrate generated prompts or local files if misused. Confirm that any key you provide is scoped and that you trust the npm package and api endpoint.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). The skill does not request system-wide config changes or access to other skills' credentials, and there are no install scripts requiring persistent elevated privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pixcli - 安装完成后,直接呼叫该 Skill 的名称或使用
/pixcli触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.3.10
Added full OpenAI gpt2 image model and heygen video avatars)
v2.3.8
Added full Seedance support with reference images
v2.3.7
Added full Seedance support with reference images
v2.3.6
Added better control of async and estimation of time execution
v2.3.5
Added better control of async and estimation of time execution
v2.3.4
Security audit fixes: declared install step + env requirements in frontmatter (fixes 'Required env vars: none' / 'Primary credential: none'), added Requirements
section with runtime explanation table, added 'What does NOT run' negative-scope declaration, cleaned YAML frontmatter.
v2.3.3
Agent execution optimization: --no-wait flag on all generation commands (submit and return immediately), machine-readable timeout recovery with check_command/wait_command in JSON errors, comprehensive agent execution guide in SKILL.md with submit→check pattern, token consumption table, and parallel pipeline examples.
v2.3.2
Security: tightened allowed-tools to the principle of least privilege. Removed broad npm/node/npx wildcards. The agent can now only run pixcli, remotion, the
specific npm scripts that ship with bundled templates (install, run verify/typecheck/render), ffmpeg/ffprobe, and filesystem helpers. Setup docs updated to prefer npx over
global install. No content or feature changes.
v2.3.1
Seedance 2.0 prompt playbook
v2.3.0
Seedance 2.0 prompt playbook: 6-element formula (Subject → Action → Environment → Camera → Style → Constraints), camera catalog, lighting table, timeline prompting for 10s+ clips, multimodal role assignment, 10+ ready-to-paste Seedance command recipes. New references/seedance-playbook.md deep reference. pixcli models command docs. Updated video model list to include all 11 Seedance variants, Veo 3.1 Fast T2V, LTX 2.3 extend.
v2.2.1
Version 2.2.1
- No file or documentation changes detected in this release.
- Version number increment only; no new features, fixes, or updates included.
v2.2.0
pixcli 2.2.0
- Adds new voice options and multi-language support for voiceover generation.
- Introduces native audio generation (BGM, SFX, dialogue) in video models when supported.
- Expands bundled Remotion video templates and rule references for easier, higher-quality video assembly.
- Updates and clarifies example commands, usage tips, and available model lists across all capabilities.
- Enhances guidance on recovering timed-out jobs and controlling video start frames for a more robust workflow.
元数据
常见问题
Pixcli Skill 是什么?
Creative toolkit for AI agents — generate images, videos, voiceover, music, and sound effects, then assemble polished output via Remotion. Uses the pixcli CL... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 241 次。
如何安装 Pixcli Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pixcli」即可一键安装,无需额外配置。
Pixcli Skill 是免费的吗?
是的,Pixcli Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pixcli Skill 支持哪些平台?
Pixcli Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pixcli Skill?
由 cohnen(@cohnen)开发并维护,当前版本 v2.3.10。
推荐 Skills