← 返回 Skills 市场
rikisann

Video Proof

作者 rikisann · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
447
总下载
1
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install video-proof
功能描述
Record video proof of implemented features after coding tasks complete. Use when a coding agent finishes work and needs to visually verify and demonstrate th...
安全使用建议
This skill appears to do what it says: start your app, run scripted steps, and capture video/screenshots/logs. Before using it: (1) inspect any proof-spec.yaml provided by an agent — the start_command field runs exactly what you put there and can execute arbitrary shell commands; (2) run scripts/setup.sh only on machines you control (it will download npm packages, Playwright browser binaries, and may attempt to use sudo to install ffmpeg); (3) avoid pointing base_url at sensitive external services or endpoints with secrets — api-proof.js will send HTTP requests to whatever URL you configure; (4) prefer running in an isolated environment (local dev VM, CI runner, or container) rather than on a machine with sensitive credentials. If you want, run the scripts manually once to verify behavior before integrating into an automated agent workflow.
功能分析
Type: OpenClaw Skill Name: video-proof Version: 1.0.2 The skill bundle is suspicious due to a critical shell injection vulnerability. Both `scripts/api-proof.js` and `scripts/record-proof.js` directly execute the `start_command` from the `proof-spec.yaml` (or CLI arguments) using `spawn('sh', ['-c', spec.start_command])`. This allows arbitrary shell commands to be executed, leading to Remote Code Execution (RCE) if a malicious `proof-spec.yaml` is provided by an agent or user. Additionally, `scripts/setup.sh` uses `sudo` for installing dependencies, which, while intended for legitimate purposes, represents a privilege escalation capability.
能力评估
Purpose & Capability
Name/description match the included scripts: record-proof.js uses Playwright to record screen/screenshot/console output and api-proof.js exercises HTTP endpoints. Dependencies (Playwright, yaml, optional ffmpeg) are appropriate for the declared functionality.
Instruction Scope
SKILL.md and scripts limit themselves to starting a local server (via a user-provided start_command), driving a browser or HTTP requests, and writing local artifacts. However, start_command accepts any shell command (intentionally) so a malicious or mistaken proof-spec could cause arbitrary commands to run — this is a necessary capability for starting apps but is a user-supplied attack surface that should be reviewed before running.
Install Mechanism
There is no platform install spec in metadata, but scripts/setup.sh performs npm installs, runs npx playwright install (downloads browser binaries), and may call system package managers (apt-get/brew/dnf/pacman) with sudo to install ffmpeg. These are standard for Playwright but require network access and (for ffmpeg) elevated privileges on some systems.
Credentials
The skill does not declare or read any secrets or unrelated environment variables. The scripts copy the current environment into spawned processes and set only PORT/BROWSER; no credentials or external tokens are requested.
Persistence & Privilege
Skill is not always-enabled and does not try to persist as an agent-level plugin. The one-time setup script can install system packages and may use sudo to install ffmpeg; runtime spawns detached server processes (killed by process group) which is expected but means long-running processes could be created if a start_command forks.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install video-proof
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /video-proof 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Fix: re-publish with complete package files.
v1.0.1
Initial public release
v1.0.0
Initial release — record video proof of working features with Playwright. Supports any stack, UI + API proof modes, video/screenshot/console artifacts with pass/fail summary.
元数据
Slug video-proof
版本 1.0.2
许可证
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Video Proof 是什么?

Record video proof of implemented features after coding tasks complete. Use when a coding agent finishes work and needs to visually verify and demonstrate th... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 447 次。

如何安装 Video Proof?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install video-proof」即可一键安装,无需额外配置。

Video Proof 是免费的吗?

是的,Video Proof 完全免费(开源免费),可自由下载、安装和使用。

Video Proof 支持哪些平台?

Video Proof 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Video Proof?

由 rikisann(@rikisann)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论