← 返回 Skills 市场
141
总下载
0
收藏
1
当前安装
6
版本数
在 OpenClaw 中安装
/install video-download-transcribe
功能描述
多平台视频下载 + 本地转录 + 视频内容分析。 **触发词**:这个视频说了什么、视频内容是什么、帮我看这个视频、下载这个视频、视频转录、字幕提取、B站视频、抖音视频、bilibili、youtube视频、帮我转录 **支持平台**:B站/抖音/TikTok/YouTube/小红书/微博/快手
安全使用建议
Key points to consider before installing:
- Missing declared env vars: the manifest lists no required environment variables, but the code and SKILL.md expect DOUYIN_CHROMIUM_PATH and several API keys (SILICONFLOW_API_KEY, MINIMAX_API_KEY, TikHub token, etc.). Ask the author to declare every required secret in the skill metadata before installing.
- Inspect setup.sh and server.py: setup.sh will install Playwright/Chromium and assumes specific venv and repo locations; server.py contains hard-coded absolute paths (/Users/kk/...). These paths cause the skill to try importing code outside the skill folder — review those imports and remove or fix hard-coded paths.
- External services & credentials: the skill will call third-party endpoints (liuxingw.com, tikhub, api.minimax.chat, api.siliconflow.cn). Do not provide unrelated credentials (AWS, GitHub, global OpenAI key) to make it work. If you must use cloud STT, restrict keys to a dedicated minimal-scope account and prefer local models.
- Run in a contained environment first: install and run the setup and server in a sandboxed VM, container, or isolated user account. Verify what files are written (transcripts dir), what network calls are made, and which processes are spawned.
- Prefer local-only configuration: if you only need local downloads + local whisper, disable or remove cloud/STT branches in server.py and avoid running the parts that call remote APIs.
- If you plan to trust it, ask the maintainer to: (1) remove hard-coded absolute paths, (2) list all required env vars and secrets in the manifest, (3) provide an installation spec that doesn't rely on guessing user venv locations, and (4) document what external domains are contacted and why.
If you want, I can:
- Extract and list every external domain/endpoints the skill calls from server.py and SKILL.md, and
- Produce a minimal checklist of commands to run in a disposable container to validate behavior safely.
功能分析
Type: OpenClaw Skill
Name: video-download-transcribe
Version: 3.2.1
The skill bundle exhibits high-risk behavior by using `subprocess.run` to execute shell commands and dynamically constructed Python scripts for video processing and browser automation. It contains hardcoded absolute paths (e.g., `/Users/kk/...` in `server.py` and `setup.sh`) and instructs the AI agent to perform local system configurations and execute shell scripts. While these actions are aligned with the stated purpose of video downloading and transcription, the reliance on external binaries (yt-dlp, ffmpeg, Playwright) and the construction of sub-processes via string interpolation in `server.py` create a significant attack surface for potential command or script injection.
能力标签
能力评估
Purpose & Capability
Name/description match the shipped behavior (yt-dlp, ffmpeg, local whisper). However the shipped code and requirements reference multiple cloud services and API keys (SILICONFLOW_API_KEY, MINIMAX_API_KEY, THIRD_PARTY_API, TikHub) and include 'openai' packages in requirements even though the manifest declares no required credentials. The manifest declares no env vars but SKILL.md and server.py expect DOUYIN_CHROMIUM_PATH and several secret keys — a mismatch that is disproportionate to the stated simple downloader/transcriber purpose.
Instruction Scope
SKILL.md instructs running setup.sh, using mcporter to call local MCP endpoints, and to import/run local Python servers. Instructions refer to environment variables (DOUYIN_CHROMIUM_PATH) and to using remote services (TikHub, third-party parse APIs). The runtime instructions and server.py perform network calls to third-party endpoints, may invoke subprocesses that run Playwright browser code, and read/write transcript files. They also reference and attempt to import code from absolute user-specific paths (/Users/kk/...), which is scope creep and may cause the skill to access files outside its declared workspace.
Install Mechanism
There is no formal manifest install spec, but the included setup.sh will drive Playwright to download Chromium via a known mirror (npmmirror) and references cloning or using an external repo (github.com/openclaw/openclaw-media). Those are traceable, not obfuscated downloads. Still, setup.sh assumes particular local paths and a specific virtualenv layout; running it will write files and may pull remote dependencies (playwright/chromium).
Credentials
The skill declares no required env vars but the code expects and uses multiple environment variables and API keys (DOUYIN_CHROMIUM_PATH, DOUYIN_STT_MODE, SILICONFLOW_API_KEY, SILICONFLOW_BASE_URL, MINIMAX_API_KEY, WHISPER_MODEL_DIR, TRANSCRIPTS_DIR, DOUYIN_THIRD_PARTY_API, etc.). Some are sensitive (API keys) and are not listed in the skill metadata; that's an incoherence and a potential risk of accidental credential exposure if you supply unrelated keys to make it work. The skill also depends on network access and external services (TikHub, liuxingw.com, api.minimax.chat, api.siliconflow.cn).
Persistence & Privilege
The skill does not request always:true, but the shipped code references and imports from absolute paths outside the skill workspace (e.g., /Users/kk/.openclaw/mcp-servers/douyin-analyzer). Those hard-coded paths could cause the skill to import or execute code residing elsewhere on disk if present. The setup script will install Playwright/Chromium and suggests registering an MCP server and background transcription (transcripts directory). While this is expected for a long-running transcriber, the cross-path references and potential to run subprocesses that execute embedded Python snippets increase the attack surface and persistence-like effects.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install video-download-transcribe - 安装完成后,直接呼叫该 Skill 的名称或使用
/video-download-transcribe触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.2.1
修复 mlx_whisper 示例代码;新增 2026-04-19 踩坑记录:HF_HUB_OFFLINE=1 阻止首次下载模型
v0.1.1
修复 mlx_whisper 示例代码;新增 2026-04-19 踩坑记录:HF_HUB_OFFLINE=1 阻止首次下载模型
v3.2.0
video-download-transcribe 3.2.0
- Added detailed documentation on the unified two-step workflow (download link extraction → download + local transcription) for all supported platforms.
- Enhanced troubleshooting section with common errors, solutions, and platform/tool switching guidelines.
- Provided platform support matrix with trigger words, detection patterns, and download methods for B站/抖音/TikTok/YouTube/小红书/微博/快手.
- Included step-by-step installation and environment setup instructions, especially for Playwright-Chromium (Douyin case).
- Clarified differences and use-cases for local MLX Whisper, faster-whisper fallback, and TikHub API for reliable video processing.
- Updated "踩坑记录" to share recent bug fixes and best practices for robust multi-platform support.
v3.1.0
通用初始化配置:DOUYIN_CHROMIUM_PATH环境变量,自动检测,setup.sh引导安装
v3.0.0
统一两步走流程,修复抖音下载(Playwright浏览器抓取+TikHub备用),完整排错流程文档
v2.2.0
重命名为 video-download-transcribe;新增后台转录+transcript_id查询+关键词检索;移除MiniMax API依赖
元数据
常见问题
Video Download Transcribe 是什么?
多平台视频下载 + 本地转录 + 视频内容分析。 **触发词**:这个视频说了什么、视频内容是什么、帮我看这个视频、下载这个视频、视频转录、字幕提取、B站视频、抖音视频、bilibili、youtube视频、帮我转录 **支持平台**:B站/抖音/TikTok/YouTube/小红书/微博/快手. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 141 次。
如何安装 Video Download Transcribe?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install video-download-transcribe」即可一键安装,无需额外配置。
Video Download Transcribe 是免费的吗?
是的,Video Download Transcribe 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Video Download Transcribe 支持哪些平台?
Video Download Transcribe 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Video Download Transcribe?
由 kk.Tang(@kk-kingkong)开发并维护,当前版本 v3.2.1。
推荐 Skills