← 返回 Skills 市场
526
总下载
0
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install skill-tiktok-video-pipeline
功能描述
End-to-end TikTok ad video pipeline. Product script → Veo base video → animated caption overlay → audio mix → final MP4. One command, full automation.
安全使用建议
This package appears to implement a TikTok video pipeline but has several inconsistencies you should resolve before running it: (1) SKILL.md and scripts expect an API key (GEMINI_API_KEY) but the registry metadata doesn't declare it — if you provide that key it will be sent to the Veo/Gen service when generating video. (2) The Node and Python orchestrators reference other skills and script paths that are inconsistent with the files included (veo3-video-gen, skill-runway-video-gen, skill-tiktok-ads-video). That means the pipeline may fail or attempt to run code from other folders in your workspace if present. (3) The scripts run shell commands ('bash -lc', ffmpeg, ffprobe, 'uv run') and forward the entire process environment to subprocesses, so avoid running this with sensitive credentials in your environment. Recommended steps before installing/running: run this in an isolated environment or container; inspect and, if necessary, correct the path references to the other skills or ensure the required helper skills are intentionally present; use the provided dry-run mode to test overlay behavior; do not run with sensitive env vars set (or sanitize env) until you confirm behavior; and review any external skills (veo/runway) that this orchestrator expects to call. Because of the mismatches and env handling, treat this as untrusted until you verify/correct those issues.
功能分析
Type: OpenClaw Skill
Name: skill-tiktok-video-pipeline
Version: 2.0.0
The `scripts/tiktok_overlay_engine_v3.py` script is vulnerable to `ffmpeg` filter injection. User-controlled arguments like `--pill-color` and `--text-color` are directly concatenated into the `ffmpeg` `drawtext` filter string without proper escaping, allowing an attacker to inject arbitrary `ffmpeg` filters. This can lead to information disclosure, denial of service, or potentially remote code execution. While `scripts/generate.js` uses `JSON.stringify` to mitigate direct shell injection for its arguments, the downstream `tiktok_overlay_engine_v3.py` script introduces a critical vulnerability.
能力评估
Purpose & Capability
The name/description (end-to-end TikTok ad pipeline) aligns with the included scripts which orchestrate Veo/Runway video generation, overlay, and audio mixing. However the package expects other skills in the workspace (veo3-video-gen, runway/skill-runway-video-gen, and a different tiktok overlay skill name), which are not declared in metadata. That cross-skill dependency is plausible for a pipeline, but the references are inconsistent (different skill slugs and script names), suggesting copy-paste or packaging errors.
Instruction Scope
Runtime instructions and scripts run external commands (ffmpeg, ffprobe, 'uv run', bash -lc) and read/write workspace paths (WORKSPACE via ../../..). SKILL.md mentions GEMINI_API_KEY required for Veo generation but the registry metadata did not declare any required env vars. pipeline.py points at other skill directories and script names that are inconsistent with this package (e.g., 'skill-runway-video-gen', 'skill-tiktok-ads-video'), which may cause it to try to invoke arbitrary scripts elsewhere in the agent workspace if present. The instructions also forward the process environment to subprocesses, which could expose any env vars present at runtime to subprocesses.
Install Mechanism
No install spec (instruction-only) — nothing downloads or installs automatically. The provided code files are executed at runtime; risk comes from those runtime subprocesses rather than an install-time download. This is lower installation risk but still executes shell and 'uv run' commands when invoked.
Credentials
SKILL.md documents GEMINI_API_KEY and DEFAULT_AUDIO environment usage (DEFAULT_AUDIO fallback), but the registry shows no required env vars. The scripts propagate process.env into subprocesses and may cause secrets present in the agent environment to be visible to invoked commands. The number of env variables requested is small and consistent with a video-generation pipeline, but the omission from registry metadata is an incoherence and the forwarding of full env to subprocesses increases potential exposure.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It writes outputs into the workspace 'output/tiktok' and temporary dirs under workspace; it does not attempt to modify other skills or system configuration. Autonomous invocation is allowed by default (disable-model-invocation: false) but that is the platform default and not by itself a red flag.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-tiktok-video-pipeline - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-tiktok-video-pipeline触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
**Major update: Pipeline now supports Veo3 video generation, enhanced caption overlay (v3), audio mixing, new `--audio` and `--slowmo` flags, and Node.js orchestration.**
- Adds Node.js orchestrator (`scripts/generate.js`) for full automation and new scripting interface.
- Integrates next-gen caption overlay engine (`tiktok_overlay_engine_v3.py`) using ffmpeg drawtext for improved pill captions and Arabic language support.
- Supports background music mixing via ffmpeg (`--audio`), default audio auto-discovery, and volume adjustment.
- Introduces new pipeline arguments for logo watermark, segment stitching, dry-run mode, and Arabic captions.
- Updates Python pipeline to support overlay v3 engine, `--audio`, and `--slowmo` for slowed videos.
- Documentation rewritten with detailed architecture diagram, usage examples, and full argument tables.
v1.0.0
Initial release: end-to-end TikTok ad video automation for product images.
- Converts a product image into a final branded TikTok video with one command.
- Integrates video generation (Runway/Veo), slow-motion stretching, and animated caption overlays.
- Supports multiple products and video styles, with flexible engine selection and customization options.
- Outputs a finished MP4, ready to post.
元数据
常见问题
Skill Tiktok Video Pipeline 是什么?
End-to-end TikTok ad video pipeline. Product script → Veo base video → animated caption overlay → audio mix → final MP4. One command, full automation. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 526 次。
如何安装 Skill Tiktok Video Pipeline?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-tiktok-video-pipeline」即可一键安装,无需额外配置。
Skill Tiktok Video Pipeline 是免费的吗?
是的,Skill Tiktok Video Pipeline 完全免费(开源免费),可自由下载、安装和使用。
Skill Tiktok Video Pipeline 支持哪些平台?
Skill Tiktok Video Pipeline 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Tiktok Video Pipeline?
由 Zero2Ai(@zero2ai-hub)开发并维护,当前版本 v2.0.0。
推荐 Skills