← 返回 Skills 市场
210
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install tsw-shorts-factory
功能描述
Autonomous YouTube Shorts video factory — zero cost, no external video API required. Generates quote-based short-form videos daily using edge-tts (free Micro...
安全使用建议
Do NOT install or run this skill as-is. Key concerns to resolve before trusting it: 1) The pipeline contains a hardcoded Pexels API key — treat that as a leaked credential. Replace it with an env var and rotate the key if you care about the account. 2) The code references and executes an external uploader and inserts sys.path entries into /root/.openclaw — ask the author why external workspace files are required, or remove those references and bundle any necessary uploader code. 3) Confirm QUOTE_LIBRARY and output paths are configurable and do not point into other agent/system workspaces; run in a sandboxed account first. 4) Review the uploader (yt_uploader.py) and any referenced external scripts before execution because they run with the same privileges as the pipeline. 5) If you want to proceed, edit the code to use an environment variable for PEXELS_API_KEY (and other secrets), remove hardcoded absolute paths, include or document the uploader dependency, and only then run in a controlled environment. If you cannot get clear answers from the author, treat this package as untrusted.
功能分析
Type: OpenClaw Skill
Name: tsw-shorts-factory
Version: 1.0.0
The skill bundle contains a hardcoded Pexels API key in 'scripts/pipeline.py', which is a significant security vulnerability (credential exposure). Additionally, the script uses absolute paths targeting the '/root/' directory and relies on an external script ('yt_uploader.py') that is not provided in the bundle, indicating an incomplete or environment-specific implementation. While these are high-risk coding practices and functional flaws, there is no clear evidence of intentional malicious behavior such as data exfiltration or backdoors.
能力评估
Purpose & Capability
SKILL.md advertises a zero-cost, self-contained YouTube Shorts factory and documents setting PEXELS_API_KEY and YouTube OAuth. The registry metadata lists no required env vars, but pipeline.py hardcodes a PEXELS_KEY value and hardwired paths (e.g. /root/.openclaw/..., /root/tsw_videos) and references an external YT_UPLOADER script outside the package. Requiring or embedding an API key and depending on files in another workspace is not consistent with the claimed 'instruction-only, no credentials' footprint.
Instruction Scope
SKILL.md instructs the agent to set PEXELS_API_KEY and run local yt_setup.py and to provide a local quote file. The pipeline code, however, ignores any environment variable and uses a hardcoded PEXELS_KEY, a fixed QUOTE_LIBRARY path under /root/.openclaw, inserts a sys.path to another project, and invokes an uploader at /root/.openclaw/.../yt_uploader.py. The runtime behavior therefore reaches into other agent/workspace directories and executes external code not mentioned in the install instructions.
Install Mechanism
No install spec (instruction-only), which is low risk in itself. SKILL.md lists pip packages to install at deploy time (moviepy, edge-tts, google-api libs). The code bundle includes Python scripts that will be executed locally; because there is no package install step, the user will need to install dependencies manually as instructed.
Credentials
The README declares PEXELS_API_KEY and a YouTube OAuth token file as configuration, but the registry shows no required env vars. Worse, pipeline.py contains a hardcoded PEXELS_KEY literal (a plausible-looking API key). That is a credential embedded in the code (credential leakage or misuse) and contradicts the deployment instructions. The code also creates and writes logs and outputs under /root/.openclaw and /root, accessing directories outside the skill bundle.
Persistence & Privilege
The skill writes logs and tokens to /root/.openclaw/workspace and creates directories under /root — touching what appears to be the agent's workspace and other projects. It also invokes an uploader script located outside the skill (YT_UPLOADER at /root/.openclaw/.../yt_uploader.py). While always:false (not forced), executing code that reaches across workspaces and calls external scripts increases blast radius and can modify or rely on other skills' artifacts.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tsw-shorts-factory - 安装完成后,直接呼叫该 Skill 的名称或使用
/tsw-shorts-factory触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of tsw-shorts-factory: autonomous, zero-cost YouTube Shorts generator.
- Generates 3 quote-based vertical Shorts videos per day using local TTS (edge-tts), Pexels stock footage, and MoviePy.
- Uses only free APIs; no external video processing services required.
- Automatically uploads completed videos as unlisted drafts to YouTube for manual review.
- Supports multiple quote niches via customizable quote library.
- Includes easy setup instructions and sample configuration for deployment and scheduling.
- All steps run locally; no recurring costs for ~90 videos/month.
元数据
常见问题
TSW Shorts Factory 是什么?
Autonomous YouTube Shorts video factory — zero cost, no external video API required. Generates quote-based short-form videos daily using edge-tts (free Micro... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 210 次。
如何安装 TSW Shorts Factory?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tsw-shorts-factory」即可一键安装,无需额外配置。
TSW Shorts Factory 是免费的吗?
是的,TSW Shorts Factory 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
TSW Shorts Factory 支持哪些平台?
TSW Shorts Factory 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 TSW Shorts Factory?
由 Vanyanski(@vanyanski)开发并维护,当前版本 v1.0.0。
推荐 Skills