← 返回 Skills 市场
147
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install qushuiyin
功能描述
短视频去水印下载。检测到抖音、快手、小红书、B站、微博、西瓜视频等平台链接时,自动解析并下载无水印视频,直接发送文件给用户。
安全使用建议
Before installing, consider these points:
- This skill will automatically send any detected short-video link to an external API (https://qyapi.ipaybuy.cn) for parsing — if you don't trust that service, do not install it. The service will receive the URLs and potentially other metadata.
- Downloaded videos are stored under /www/wwwroot/default/videos and served via HTTP on port 8899. That rehosts content publicly; check permissions, privacy, copyright, and whether you want files placed in your webroot.
- The bundled script contains hard-coded placeholders for APP_ID/APP_KEY and SERVER_IP. The skill doesn't declare these as required config — you would need to edit the script or otherwise provide credentials/host info. That mismatch is suspicious and could lead to accidental leaks if real keys are later inserted without proper controls.
- Because the skill auto-runs on any message containing matching links, it can exfiltrate links without explicit user confirmation. If you proceed, consider disabling autonomous invocation, sandboxing the skill, or replacing the third-party API with a trusted in-house parser and configuring storage to a safe location.
- If you must use it: review the external API's privacy policy, run the script in a restricted environment, set proper file permissions, and replace placeholders with your own trusted credentials and server only after careful review.
功能分析
Type: OpenClaw Skill
Name: qushuiyin
Version: 1.0.0
The skill exhibits risky behavior by instructing the AI agent to execute a shell command in SKILL.md using user-provided URLs within single quotes, which presents a shell injection vulnerability. Additionally, the download.py script writes files to a sensitive web-root directory (/www/wwwroot/default/videos) and relies on a third-party API (qyapi.ipaybuy.cn) and a hardcoded IP (81.70.156.92) for functionality, which are high-risk patterns even if not explicitly malicious.
能力评估
Purpose & Capability
The name and description match the implementation: the skill accepts short-video links, calls a parsing API, downloads the resulting video, and returns it. However, the implementation expects a web-accessible storage location (/www/wwwroot/default/videos) and an HTTP base URL, which the SKILL metadata does not declare as required configuration or permissions. Rehosting files under the agent's webroot is a capability that should be explicitly disclosed.
Instruction Scope
SKILL.md instructs the agent to auto-trigger on any message containing target-platform links and run the included script. The script sends the provided video URL to an external API (https://qyapi.ipaybuy.cn/api/video) and downloads the returned file. That means user-supplied links (and therefore potentially private or sensitive URLs) are transmitted off-host without any explicit opt-in beyond the skill description. Automatic invocation on any matching message increases the blast radius.
Install Mechanism
There is no install spec (instruction-only plus a small script bundled). Nothing is downloaded at install time and no external binaries are pulled, so install mechanism risk is low.
Credentials
The skill declares no required env vars or credentials, but the bundled script contains hard-coded placeholders for APP_ID, APP_KEY ('密钥'), and SERVER_IP ('服务器ip'). The code expects to use a third-party API and to construct a public BASE_URL for served videos. Required configuration/credentials are not declared, and the external API endpoint is untrusted/unknown — user data (URLs) will be sent there. Writing into a webroot and exposing files publicly is a disproportionate side-effect not reflected in metadata.
Persistence & Privilege
The skill writes downloaded videos into /www/wwwroot/default/videos and exposes them via HTTP on port 8899. While always:false (not force-installed), the skill is allowed to invoke autonomously and is configured to auto-run on matching messages; combined with external uploads and persistent storage this is a notable privilege (data is persisted and publicly exposed).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qushuiyin - 安装完成后,直接呼叫该 Skill 的名称或使用
/qushuiyin触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
**Major update: Skill refocused to automatic watermark-free short video downloads for specific platforms.**
- Automatically detects and downloads no-watermark videos from Douyin, Kuaishou, Xiaohongshu, Bilibili, Weibo, and Xigua links in messages.
- Simplified implementation: extracts URL from message and processes via a single script (`scripts/download.py`).
- Relies on third-party API, with no need for cookies or authentication.
- On success, sends video file directly or provides a public download link; on failure, replies with error reason.
- Removed general-purpose, multi-site, and subtitle/transcription functionality.
元数据
常见问题
短视频去水印下载。检测到抖音、快手、小红书、B站、微博、西瓜视频等平台链接时,自动解析并下载无水印视频,直接发送文件给用户。 是什么?
短视频去水印下载。检测到抖音、快手、小红书、B站、微博、西瓜视频等平台链接时,自动解析并下载无水印视频,直接发送文件给用户。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 147 次。
如何安装 短视频去水印下载。检测到抖音、快手、小红书、B站、微博、西瓜视频等平台链接时,自动解析并下载无水印视频,直接发送文件给用户。?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qushuiyin」即可一键安装,无需额外配置。
短视频去水印下载。检测到抖音、快手、小红书、B站、微博、西瓜视频等平台链接时,自动解析并下载无水印视频,直接发送文件给用户。 是免费的吗?
是的,短视频去水印下载。检测到抖音、快手、小红书、B站、微博、西瓜视频等平台链接时,自动解析并下载无水印视频,直接发送文件给用户。 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
短视频去水印下载。检测到抖音、快手、小红书、B站、微博、西瓜视频等平台链接时,自动解析并下载无水印视频,直接发送文件给用户。 支持哪些平台?
短视频去水印下载。检测到抖音、快手、小红书、B站、微博、西瓜视频等平台链接时,自动解析并下载无水印视频,直接发送文件给用户。 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 短视频去水印下载。检测到抖音、快手、小红书、B站、微博、西瓜视频等平台链接时,自动解析并下载无水印视频,直接发送文件给用户。?
由 douzi(@sjzai)开发并维护,当前版本 v1.0.0。
推荐 Skills