← 返回 Skills 市场

Twitter Video Download

Name: Twitter Video Download
Author: lemonpek66

作者 Lemonpek66 · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

391

总下载

当前安装

版本数

在 OpenClaw 中安装

/install twitter-video-download

功能描述

Download videos from Twitter/X posts. Just give it a tweet URL and it will download the video to your specified location.

安全使用建议

This skill appears to implement the advertised feature, but there are a couple of mismatches you should address before installing or running it: - The Node script (download.mjs) requires Node to run, but the registry metadata does not declare node as a required binary. Ensure your environment provides Node (node/npm) or ask the author to update the metadata. - The manifest marks PROXY_URL as required, but the script treats it as optional (used only when set). Only set PROXY_URL if you need a proxy; avoid placing credentials in that variable unless you trust the source and understand where that proxy forwards traffic. - The skill spawns the yt-dlp executable to download remote media. yt-dlp will perform network requests to Twitter/X and possibly third-party hosts (CDNs). Only use this skill if you trust the author and the yt-dlp package you install (pip install yt-dlp from PyPI). Consider installing yt-dlp in a controlled environment (virtualenv) first. Recommended actions: 1) Request the author or maintainer to add 'node' to required binaries or provide a pure-Python implementation. 2) Ask them to mark PROXY_URL as optional in registry metadata so it isn't treated as mandatory. 3) Review the Node script locally (it is included) and test in a VM or isolated environment before giving it broad access to your filesystem. 4) If you must use a proxy, avoid embedding sensitive credentials in PROXY_URL unless necessary; prefer a local proxy or secure credential handling. Given these inconsistencies, treat the package with caution until the metadata and documentation are aligned with the actual runtime requirements.

功能分析

Type: OpenClaw Skill Name: twitter-video-download Version: 1.0.2 The skill is a legitimate utility for downloading Twitter/X videos using the well-known yt-dlp library. The implementation in `scripts/download.mjs` follows security best practices by using `child_process.spawn` with `shell: false` to prevent command injection, validating URLs against a whitelist (twitter.com/x.com), and sanitizing filenames to prevent path traversal. No evidence of data exfiltration, malicious execution, or prompt injection was found.

能力评估

⚠ Purpose & Capability

The skill's purpose (download Twitter/X videos via yt-dlp) matches the implementation, but the declared required binaries are incomplete/inconsistent: the manifest lists python and pip (needed to install yt-dlp) but does not list node, yet the runtime is a Node script (download.mjs). A legitimate implementation would declare node (or not use Node).

ℹ Instruction Scope

SKILL.md instructions are narrowly scoped to downloading Twitter/X videos and installing yt-dlp. They do not request unrelated files or credentials. However the instructions (and registry metadata) mark PROXY_URL as required, while the script treats PROXY_URL as optional — this gives the skill broader assumed environment dependence than necessary.

✓ Install Mechanism

There is no automatic install spec (instruction-only), and the README recommends installing yt-dlp via pip. No downloads from untrusted URLs or archive extraction are present in the package itself. This is low-risk but relies on the user running pip install yt-dlp manually.

⚠ Credentials

Registry metadata lists PROXY_URL as a required environment variable. The code only reads PROXY_URL optionally and continues if it's unset; proxy is only needed for users behind network restrictions. Marking it required is disproportionate. PROXY_URL may contain host/port or credentials — treat it as sensitive and only set if necessary.

✓ Persistence & Privilege

The skill does not request permanent presence (always:false) and does not modify other skills or global settings. It runs a one-off yt-dlp process and writes files to the user-specified output directory.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install twitter-video-download
安装完成后，直接呼叫该 Skill 的名称或使用 /twitter-video-download 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.2

- Added a new "Security Notes" section detailing measures like no shell execution, URL and filename validation, proxy validation, and trusted library usage. - Clarified that a proxy is only required for China users. - Added a call-to-action encouraging users to star the project on ClawHub to support and help others discover it.

v1.0.1

- Updated SKILL.md documentation from Chinese to English for wider accessibility. - Clarified setup instructions and command line examples. - No changes to code or functionality.

v1.0.0

twitter-video-download 1.0.0 - Initial release. - Download videos from Twitter/X posts by providing a tweet URL. - Supports both twitter.com and x.com links. - Requires yt-dlp and a proxy (set via PROXY_URL). - Allows specifying output folder, filename, and video quality. - GIFs are downloaded and converted to MP4 format.

元数据

Slug twitter-video-download

版本 1.0.2

许可证 MIT-0

累计安装 2

当前安装数 1

历史版本数 3

常见问题

Twitter Video Download 是什么？

Download videos from Twitter/X posts. Just give it a tweet URL and it will download the video to your specified location. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 391 次。

如何安装 Twitter Video Download？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install twitter-video-download」即可一键安装，无需额外配置。

Twitter Video Download 是免费的吗？

是的，Twitter Video Download 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Twitter Video Download 支持哪些平台？

Twitter Video Download 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Twitter Video Download？

由 Lemonpek66（@lemonpek66）开发并维护，当前版本 v1.0.2。