minilozio

Video Analyzer

Author: minilozio · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
Total downloads: 757
Favorites: 0
Current installs: 2
Versions: 2
Install in OpenClaw
/install video-analyzer-skill
Description
Download, transcribe, and analyze videos from YouTube, X/Twitter, and TikTok with local Whisper processing. Perfect for extracting TL;DRs, timestamps, and ac...
Security usage advice
This skill appears to do exactly what it says: download videos, transcribe locally with whisper-cpp, and produce timestamped transcripts. Before installing, consider:
  1. It will install Homebrew packages and download Whisper models (the 'max' model is ~3GB) to /opt/homebrew/share/whisper-cpp; ensure you have disk space.
  2. The script writes to /tmp and your Desktop (downloaded media), so expect files on disk.
  3. The code runs shell commands via subprocess with formatted strings; while it attempts basic quoting for URLs, avoid passing untrusted or crafted inputs (especially odd --lang values). Review the script if you plan to run it in a security-sensitive environment.
  4. The skill does not ask for API keys or try to send transcripts to external endpoints (only model downloads from huggingface and media fetches from the video host), but if you need stronger guarantees, run it in a sandbox or inspect/modify the script to use subprocess calls without shell=True (list form) and stricter input validation.
If those trade-offs are acceptable, the skill is coherent and reasonably implemented.
Functional analysis
Type: OpenClaw Skill Name: video-analyzer-skill Version: 1.0.1 The skill contains a shell injection vulnerability in `scripts/analyze_video.py` due to the use of `subprocess.run(shell=True)` combined with insufficient input sanitization in the `quote_url` function. A crafted URL containing single quotes and command separators (e.g., `'; touch /tmp/pwned; '`) could lead to arbitrary command execution. While the skill's behavior of downloading videos and fetching models from Hugging Face (`huggingface.co`) aligns with its stated purpose, these high-risk capabilities and the underlying implementation flaw warrant a suspicious classification.
Capability assessment
Purpose & Capability
Name/description request downloading and local Whisper transcription; required binaries (yt-dlp, ffmpeg, whisper-cli) and the included Python script directly implement that functionality. Homebrew install entries correspond to the declared tools and are proportionate.
Instruction Scope
SKILL.md instructs the agent to run the included script and to read the transcript file it produces — this matches the skill purpose. The script writes files to /tmp, the user's Desktop, and (when models are first downloaded) /opt/homebrew/share/whisper-cpp. One coding concern: the script uses subprocess.run(..., shell=True) with formatted command strings. It attempts to escape single quotes in URLs but does not perform comprehensive sanitization of other user-supplied parameters (e.g., --lang). This is a practical safety note (possible shell-injection vector if malicious input is passed), not an incoherence with the described purpose.
Install Mechanism
Install spec uses Homebrew formulas (uv, yt-dlp, ffmpeg, ggerganov/whisper-cpp). These are expected for local transcription; model downloads use curl from Hugging Face (WHISPER_BASE_URL) which is a reasonable, known host. The large 'max' model may require several GB of disk and time to download — expected behaviour, not malicious.
Credentials
The skill requests no environment variables or secrets. It does write models to a shared Homebrew path and outputs files to Desktop and /tmp, which are consistent with a local transcription/download tool and proportional to its purpose.
Persistence & Privilege
The skill does not request always: true, persistent privileges, or modifications to other skills. It runs on demand and stores models and output files in reasonable locations. No unexpected privilege escalation is present.
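How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install video-analyzer-skill
  3. Once installation completes, call the Skill by name or trigger it with /video-analyzer-skill
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history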
v1.0.1
- Expanded the description in SKILL.md to clarify when and how to use the skill, especially for requests involving YouTube, X/Twitter, or TikTok video URLs.
- Added practical usage examples to the description, detailing scenarios such as summarizing videos, extracting key points, and analyzing video content.
- No changes to any code or functionality; documentation improvements only.
v1.0.0
Initial public release: download, transcribe, and analyze videos from YouTube, X/Twitter, TikTok with local Whisper
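Metadata
Slug video-analyzer-skill
Version 1.0.1
License
Total installs 2
Current installs 2
Historical versions 2
FAQ

What is Video Analyzer?

Download, transcribe, and analyze videos from YouTube, X/Twitter, and TikTok with local Whisper processing. Perfect for extracting TL;DRs, timestamps, and ac... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 757 total downloads to date.

How do I install Video Analyzer?

Run the command "/install video-analyzer-skill" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Video Analyzer free?

Yes, Video Analyzer is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Video Analyzer support?

Video Analyzer runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Video Analyzer?

Developed and maintained by minilozio (@minilozio); the current version is v1.0.1.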
