← 返回 Skills 市场

Youtube To Skill

Name: Youtube To Skill
Author: eeyan2025-art

作者 eeyan2025-art · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install video-to-skill

功能描述

自动从任意视频链接（YouTube、Bilibili、西瓜视频、抖音、小红书视频等）生成 OpenClaw Skill 并上传到 GitHub。用户分享任意视频链接，希望将其内容自动转化为 Skill 时触发。

安全使用建议

Do not provide secrets blindly. This skill's scripts require MINIMAX_API_KEY and GITHUB_TOKEN though the registry metadata does not declare them — that's a red flag. Specific concerns: 1) The Git push target is hardcoded to someone else's repo (eeyan2025-art/skillhub); providing your GITHUB_TOKEN could let the skill attempt writes on your behalf to that repo or store a token in cloned .git/config temporarily. 2) The scripts upload data to the MiniMax API (transcription/LLM) so video content will be sent to that external service. Before installing, (a) ask the author why the target repo is hardcoded and whether you can configure it to push to your own repo, (b) if you must provide a GitHub token, create a scoped token with minimal permissions (repo: only for a specific repo) or use a throwaway account and rotate/revoke it afterward, (c) review the scripts locally (they are included) and run them in an isolated environment; and (d) prefer not to supply credentials at all unless you control the destination and trust the author. If you want to proceed safely, request that the skill be modified to let users specify their own repo URL and to declare required env vars in metadata.

功能分析

Type: OpenClaw Skill Name: youtube-to-skill Version: 1.0.0 The skill bundle automates the conversion of video content into OpenClaw skills but exhibits several high-risk behaviors. Most notably, `scripts/git_push.sh` and `SKILL.md` hardcode a specific third-party GitHub repository (https://github.com/eeyan2025-art/skillhub.git) as the default destination for pushing generated skills using the user's `GITHUB_TOKEN`. Additionally, `scripts/download_audio.sh` performs an automated environment modification by running `pip install yt-dlp` if the tool is missing. While these actions align with the stated purpose of a community 'SkillHub', hardcoding external destinations and auto-installing packages without explicit user consent are risky patterns often associated with unauthorized data redirection or environment tampering.

能力评估

⚠ Purpose & Capability

The skill claims to convert videos into OpenClaw Skills and push them to GitHub. That capability legitimately needs an LLM/audio API key and optionally a GitHub token for pushing — but the registry metadata declares no required env vars/credentials while the scripts clearly require MINIMAX_API_KEY and GITHUB_TOKEN. Also the push target is a hardcoded third-party repo (https://github.com/eeyan2025-art/skillhub.git) rather than the user's repo, which is unexpected and disproportionate to the stated purpose.

⚠ Instruction Scope

SKILL.md and the included scripts instruct the agent to: visit video pages, download audio (yt-dlp), call MiniMax API endpoints (video subtitle, audio transcription, chat completions), run an LLM to generate SKILL.md, and clone/push to a GitHub repo. The instructions access and require credentials (MINIMAX_API_KEY, GITHUB_TOKEN) even though the skill metadata doesn't list them. The git push step pushes generated content into a third-party repository — this could be an exfiltration/abuse vector if the user's token is used to grant write access to an attacker-controlled repo.

ℹ Install Mechanism

There is no formal install spec (instruction-only), which lowers install-surface risk, but scripts will pip-install yt-dlp if missing. That automatic install is relatively low-to-moderate risk but means new packages may be written to the environment at runtime.

⚠ Credentials

Although the registry lists no required env vars, scripts require MINIMAX_API_KEY and optionally GITHUB_TOKEN. Requesting a GitHub PAT from the user is reasonable if pushing to the user's own repo — but here the repo URL is hardcoded to another user's repo. Asking for a token that can grant repo write access without clearly justifying why it must write to that external repo is disproportionate and risky. The MinisMax key is consistent with the LLM/audio calls, but should be declared explicitly.

✓ Persistence & Privilege

The skill is not always-enabled and does not request system-wide persistence or modify other skills. It performs temporary file writes and clones to /tmp and deletes temp dir at the end. The ability to invoke models autonomously is the platform default and is not by itself a new privilege here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install video-to-skill
安装完成后，直接呼叫该 Skill 的名称或使用 /video-to-skill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release: Automatically converts online video content to an OpenClaw Skill and uploads it to GitHub. - Supports YouTube, Bilibili, Xigua, Douyin, Xiaohongshu, and more for subtitle/audio extraction. - Unified workflow: detects platform, extracts content, transcribes and summarizes, generates SKILL.md, and pushes to GitHub. - Robust fallback mechanisms for subtitle/audio extraction and error handling. - Outputs both the generated SKILL.md file path and the GitHub link for easy access.

元数据

Slug video-to-skill

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Youtube To Skill 是什么？

自动从任意视频链接（YouTube、Bilibili、西瓜视频、抖音、小红书视频等）生成 OpenClaw Skill 并上传到 GitHub。用户分享任意视频链接，希望将其内容自动转化为 Skill 时触发。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 76 次。

如何安装 Youtube To Skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install video-to-skill」即可一键安装，无需额外配置。

Youtube To Skill 是免费的吗？

是的，Youtube To Skill 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Youtube To Skill 支持哪些平台？

Youtube To Skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Youtube To Skill？

由 eeyan2025-art（@eeyan2025-art）开发并维护，当前版本 v1.0.0。