← 返回 Skills 市场
cohnen

Pixcli Skill

作者 cohnen · GitHub ↗ · v2.2.0 · MIT-0
cross-platform ⚠ suspicious
89
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pixcli-skill
功能描述
Creative toolkit for AI agents — generate images, videos, voiceover, music, and sound effects, then assemble polished output via Remotion. Uses the pixcli CL...
安全使用建议
This skill appears to be what it claims: a Node CLI that calls a pixcli service and provides Remotion templates. Before installing or running it: - Treat the PIXCLI_API_KEY like any API secret: create a limited key if possible and avoid reusing high-privilege credentials. - Installing via npm (npm install -g pixcli) will pull code from the public registry — review the npm package and its maintainers (and choose npx for one-off use if you prefer not to install globally). - The README mentions an OPENROUTER_API_KEY fallback (not listed in the skill metadata). If you have that env var set, the CLI may use it — consider removing unrelated secrets from your environment when running third-party CLIs. - The Remotion templates included in the bundle will require npm install in a copied folder and then running npx remotion (which executes JS code locally). The templates in this bundle look benign, but review any third-party template code before rendering in a sensitive environment. - If you need higher assurance, inspect the upstream npm package source (pixcli on npm / its GitHub) and the runtime behavior of the CLI (particularly network endpoints and what metadata it sends) before providing any private or sensitive data.
功能分析
Type: OpenClaw Skill Name: pixcli-skill Version: 2.2.0 The bundle is a comprehensive toolkit for AI-driven video production using the `pixcli` CLI and the Remotion framework. It is classified as suspicious because it grants the AI agent broad and high-risk permissions in `SKILL.md`, specifically the ability to execute arbitrary commands via `Bash(npm *)`, `Bash(node *)`, and `Bash(npx *)`. While these capabilities are plausibly required for managing Node.js-based video projects and installing dependencies, they represent a significant attack surface for shell injection or unauthorized code execution. No evidence of intentional malice, data exfiltration, or malicious prompt injection was found in the CLI logic, template code, or extensive documentation (IOC: pixcli.shellbot.sh).
能力评估
Purpose & Capability
Name/description (image/video/audio generation + Remotion templates) aligns with required binaries (node, npx), the single declared env var (PIXCLI_API_KEY), and the included Remotion templates and docs.
Instruction Scope
SKILL.md and README instruct running the external pixcli npm CLI and Remotion (npm install / npx remotion), copying local templates into a project, and writing generated assets to public/ (expected). The README mentions an OPENROUTER_API_KEY fallback not declared in the skill metadata — this is a minor inconsistency because it implies the tool may read an additional environment variable that wasn't listed.
Install Mechanism
There is no internal install spec; the instructions expect you to install or run the pixcli package from the public npm registry (npm install -g pixcli or npx pixcli). Installing an external npm package is a normal dependency but carries the usual supply-chain risk (arbitrary code from npm). The skill bundle itself contains Remotion templates only (no bundled pixcli binary).
Credentials
The only required credential declared is PIXCLI_API_KEY which is appropriate for a cloud API CLI. The README's mention of OPENROUTER_API_KEY as a fallback is not declared in requires.env — this should be treated as an undeclared optional env var that the CLI may inspect if present.
Persistence & Privilege
Skill is not always-enabled, does not request persistent system-wide privileges, and does not modify other skills' configuration. Runtime actions (file writes, npm installs, npx remotion) are local to the project and expected for this purpose.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pixcli-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pixcli-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.2.0
v2.2: Multi-image references, Google Search grounding, start/end frame video, PixVerse v6 models, negative prompts, native audio, job recovery command
元数据
Slug pixcli-skill
版本 2.2.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Pixcli Skill 是什么?

Creative toolkit for AI agents — generate images, videos, voiceover, music, and sound effects, then assemble polished output via Remotion. Uses the pixcli CL... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 89 次。

如何安装 Pixcli Skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pixcli-skill」即可一键安装,无需额外配置。

Pixcli Skill 是免费的吗?

是的,Pixcli Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Pixcli Skill 支持哪些平台?

Pixcli Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Pixcli Skill?

由 cohnen(@cohnen)开发并维护,当前版本 v2.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论