nissan

Showcase Video Builder

Author: Nissan Dookeran · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 496
Favorites: 0
Current installs: 2
Versions: 1
Install in OpenClaw
/install showcase-video-builder
Description
Build polished showcase and demo videos from screenshots, avatars, and text overlays using ffmpeg. Use when creating demo reels, hackathon presentations, pro...
Safe usage recommendations
This skill appears safe and does what it says: run ffmpeg locally to build videos from images. Before running: ensure ffmpeg is installed from a trusted source, verify the images directory you pass to the script (it will process all PNGs there), and adjust the font path if you're not on macOS. The script honors FFMPEG env override if you need to point to a specific binary. If you allow an automated agent to invoke this skill, remember it will run ffmpeg commands on whatever image directory you (or the agent) provide — avoid passing sensitive system paths. If you need network/media uploads, handle those steps separately; this skill performs no network calls or credential handling.
Functional analysis
Type: OpenClaw Skill
Name: showcase-video-builder
Version: 1.0.0
The skill's stated purpose is benign, focusing on local video processing with `ffmpeg`. However, the `scripts/build_showcase.sh` file contains a critical shell injection vulnerability. It constructs an `ffmpeg` command by directly embedding unquoted image filenames (`$img`) into the command string, allowing an attacker to execute arbitrary commands if they can control the filenames within the `IMAGES_DIR`. For example, a filename like `image.png; rm -rf /;` would lead to command execution. Additionally, the `FFMPEG` environment variable is used without sanitization, presenting another potential injection vector. These are severe vulnerabilities, but there is no clear evidence of intentional malicious behavior such as data exfiltration or persistence.
Capability assessment
Purpose & Capability
Name/description match the implementation: SKILL.md and scripts instruct only local ffmpeg usage to turn screenshots into videos. Required binary (ffmpeg) is appropriate and sufficient for the stated purpose.
Instruction Scope
Instructions and the included script operate on local files (images) and local ffmpeg invocations. They do not attempt to read unrelated system config, environment secrets, or contact external endpoints. The script processes all PNGs in the provided directory, which is expected behavior for a slideshow builder.
Install Mechanism
No install spec — instruction-only with a shell script. Nothing is downloaded or written to system locations by the skill itself; the only runtime requirement is an existing ffmpeg binary.
Credentials
The skill declares no required environment variables or credentials. The script allows overriding the ffmpeg command via the FFMPEG env var (reasonable and limited). No secrets or unrelated service tokens are requested.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills or system-wide agent settings. It runs on demand and performs local, limited operations.
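How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install showcase-video-builder
  3. Once installation completes, invoke the Skill by name or trigger it with /showcase-video-builder
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history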
v1.0.0
Initial release — extracted from Sandman Tales v2 hackathon
Metadata
Slug showcase-video-builder
Version 1.0.0
License
Total installs 2
Current installs 2
Historical versions 1
FAQ

What is Showcase Video Builder?

Build polished showcase and demo videos from screenshots, avatars, and text overlays using ffmpeg. Use when creating demo reels, hackathon presentations, pro... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 496 total downloads so far.

How do I install Showcase Video Builder?

Run the command "/install showcase-video-builder" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Showcase Video Builder free?

Yes, Showcase Video Builder is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Showcase Video Builder support?

Showcase Video Builder runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Showcase Video Builder?

Developed and maintained by Nissan Dookeran (@nissan); the current version is v1.0.0.
