← 返回 Skills 市场
Video Editing Agent (VEA)
作者
shawnshenopeninterx
· GitHub ↗
· v1.1.2
632
总下载
1
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install vea
功能描述
Video Editing Agent (VEA) for automated video processing, highlight generation, and editing. Use when asked to index videos, create highlight reels, generate...
安全使用建议
This skill appears to be a legitimate video-editing service but contains several red flags you should address before installing: (1) The registry only lists MEMORIES_API_KEY, yet the code and docs require Google, ElevenLabs, and Soundstripe API keys plus possible GCP auth—verify whether you need to supply all of them. (2) The install instructions include running a remote install script (curl | sh); avoid blindly running it—review the script or install dependencies via trusted package managers. (3) The service uploads frames/text to external providers (Memories.ai, ElevenLabs, Soundstripe); confirm you are comfortable sharing video content and transcripts with these services and check their privacy/TOS. (4) Inspect the GitHub repo/source (pin a commit or release) and review src/app.py (not included here) for unexpected network calls or secrets exfiltration. (5) Run the skill in an isolated environment (VM/container) and keep API keys limited (scoped, revocable). If you need help auditing specific files (e.g., src/app.py) or verifying the remote installer script, provide them and I can analyze further.
功能分析
Type: OpenClaw Skill
Name: vea
Version: 1.1.2
The skill is classified as suspicious primarily due to the use of `curl -LsSf https://astral.sh/uv/install.sh | sh` in `SKILL.md` for installing the `uv` package manager. While a common installation method for legitimate tools, this practice executes arbitrary remote code, posing a significant supply chain risk if the remote server were compromised. Additionally, `SKILL.md` instructs the agent to perform `gcloud auth application-default login`, granting sensitive access to Google Cloud resources, and API keys are stored locally and loaded into environment variables, which is a standard but vulnerable practice. There is no evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or stealthy backdoors.
能力评估
Purpose & Capability
The declared registry requirements list only MEMORIES_API_KEY and ffmpeg, but the SKILL.md and included files clearly require multiple other API keys (GOOGLE_API_KEY, ELEVENLABS_API_KEY, SOUNDSTRIPE_KEY) and GCP auth for full functionality. That mismatch between what's declared and what's actually needed is incoherent.
Instruction Scope
Runtime instructions instruct cloning a GitHub repo, running a remote installer (curl | sh), running gcloud auth, starting a local server, and sending video frames/text to external services (Memories.ai, ElevenLabs, Soundstripe). The instructions also expect you to store API keys in a local config.json which the scripts read. Those steps transmit user data outside the local machine and go beyond simple local ffmpeg processing.
Install Mechanism
Although the registry lists 'instruction-only', SKILL.md recommends running curl -LsSf https://astral.sh/uv/install.sh | sh to install the 'uv' package manager. Executing a remote install script is higher-risk than using a curated package and should be reviewed or replaced with a pinned release. Git cloning from GitHub is normal but no release pinning is recommended.
Credentials
Registry metadata declares only MEMORIES_API_KEY as required, but the config schema and scripts require/consume GOOGLE_API_KEY, ELEVENLABS_API_KEY, SOUNDSTRIPE_KEY, and possibly GCP credentials. Requiring multiple unrelated third‑party credentials (and loading them into env vars via config.json) is disproportionate to a simple local ffmpeg-based editor and increases data-exposure risk.
Persistence & Privilege
The skill does not request always: true and does not modify other skills. It runs a local server (localhost:8000), creates tmux/nohup processes and writes outputs/logs under ~/vea and /tmp. Running a persistent local server is expected for this functionality but increases blast radius if API keys or incoming requests are misconfigured.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vea - 安装完成后,直接呼叫该 Skill 的名称或使用
/vea触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.2
Made MEMORIES_API_KEY required (video indexing & comprehension). Reordered API keys table.
v1.1.1
Translated all Chinese text to English
v1.1.0
Added open-source installation instructions from GitHub repo (Memories-ai-labs/vea-open-source), FFmpeg setup for all platforms, and paper link.
v1.0.0
Initial release: AI-powered video editing agent for highlight reels, narration, subtitles, and music. Requires local VEA server and Gemini API key.
元数据
常见问题
Video Editing Agent (VEA) 是什么?
Video Editing Agent (VEA) for automated video processing, highlight generation, and editing. Use when asked to index videos, create highlight reels, generate... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 632 次。
如何安装 Video Editing Agent (VEA)?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vea」即可一键安装,无需额外配置。
Video Editing Agent (VEA) 是免费的吗?
是的,Video Editing Agent (VEA) 完全免费(开源免费),可自由下载、安装和使用。
Video Editing Agent (VEA) 支持哪些平台?
Video Editing Agent (VEA) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Video Editing Agent (VEA)?
由 shawnshenopeninterx(@shawnshenopeninterx)开发并维护,当前版本 v1.1.2。
推荐 Skills