← 返回 Skills 市场
VideoClaw Pro
作者
xiangxueweb
· GitHub ↗
· v1.0.0
· MIT-0
93
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install videoclaw-pro
功能描述
视频剪辑脚本执行助手(增强版)- 根据飞书提示词库和直播素材文字档生成剪辑建议脚本。 支持飞书文档(docx)和知识库(wiki)链接,自动解析权限问题。 ⚠️ 重要:本 skill 所有文档读取必须通过 Python CLI 脚本,不使用内置 feishu_doc 工具! 触发指令格式:「剪辑脚本 [视频类型]...
安全使用建议
This skill's functionality (read Feishu doc/wiki, generate clip scripts, write back) is coherent, but there are two red flags you should consider before installing:
1) Hardcoded credentials: videoclaw_lib.py contains APP_ID and APP_SECRET inside the repository. That means the skill will use the author's/owner's Feishu service account to access documents. If you follow the skill's steps (sharing docs with the robot), those documents become accessible to that external account. Only proceed if you trust the skill author and understand that private content will be accessible to their robot.
2) Missing dependency/credential declarations: the metadata lists no required env vars or binaries, but the code needs Python packages (requests, lark_oapi, python-docx) and network access. The skill also forbids using the built-in feishu_doc tool and forces using the included CLI, increasing reliance on the embedded credentials.
Recommendations before installation:
- Ask the author to remove hardcoded APP_SECRET and instead require the operator to provide credentials via environment variables (declared in requires.env), or to use an OAuth flow that uses the user's own app credentials.
- If you cannot get that change, do not share private documents with the robot; instead test with non-sensitive docs.
- Verify the APP_ID belongs to a trusted owner (ask for the organization or app registration details) and request an explanation why the built-in feishu_doc tool couldn't be used.
- Ensure required Python dependencies are installed in a controlled environment before running the CLI.
If the author can provide a version that uses the user’s own credentials (or the platform's built-in feishu_doc tool) and lists dependencies, the concerns would be largely resolved. If the APP_SECRET here is confirmed malicious or unknown and the author refuses to remove it, treat the skill as untrusted.
功能分析
Type: OpenClaw Skill
Name: videoclaw-pro
Version: 1.0.0
The skill bundle contains hardcoded Feishu (Lark) API credentials (APP_ID and APP_SECRET) in 'videoclaw_lib.py', which is a significant security risk and potential vector for data access by the credential owner. Additionally, 'SKILL.md' contains instructions that explicitly command the AI agent to bypass built-in OpenClaw tools ('feishu_doc') in favor of a custom Python CLI script using a hardcoded Windows absolute path. While the documentation provides a functional justification for these choices (Wiki link support), the combination of hardcoded secrets and the bypass of standard platform tools is highly irregular.
能力评估
Purpose & Capability
Name/description match the code: the skill reads Feishu docx/wiki links, converts wiki nodes, and writes generated scripts back to Feishu. However, the skill embeds a Feishu APP_ID and APP_SECRET in videoclaw_lib.py instead of declaring required credentials or using the host's feishu_doc tool as SKILL.md forbids — this is an unexpected design choice even if it can be explained technically.
Instruction Scope
SKILL.md restricts all document I/O to the included Python CLI and shows explicit read/write exec commands. The instructions do not ask the agent to read unrelated local files or environment variables. The runtime actions (resolve wiki → fetch document blocks → generate script → create doc) are within the stated purpose.
Install Mechanism
No install spec is provided (instruction-only + included Python files). The Python code depends on third-party packages (requests, lark_oapi, python-docx) but those dependencies are not declared. That omission can lead to runtime failures or unexpected additional installs on the host; it's a completeness/usability concern rather than an immediate malware indicator.
Credentials
The skill requests no environment variables in metadata, yet videoclaw_lib.py hardcodes APP_ID and APP_SECRET (feishu credentials). Hardcoded service credentials in shipped code are disproportionate: they grant the skill-owner's service account access to any documents users share with that robot. Users must explicitly share documents with the robot account (as SKILL.md instructs), meaning private documents will be accessible to an external service — a significant privacy/trust consideration that is not surfaced in the metadata.
Persistence & Privilege
The skill is not marked always:true and does not appear to modify other skills or global agent settings. However, because the skill includes its own Feishu service credentials, installing and using it effectively grants persistent third-party access to any documents you share with that robot account while the credentials remain valid.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install videoclaw-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/videoclaw-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
videoclaw-pro 1.0.0
- 全新发布的视频剪辑脚本助手,专为飞书环境设计,支持 docx 及 wiki 链接解析。
- 强制采用 Python CLI 执行文档读写,彻底弃用内置 feishu_doc 工具,确保兼容飞书 wiki 链接。
- 提供权限问题友好提示,指导用户正确分配文档访问权限。
- 以飞书提示词库和直播素材自动生成结构化剪辑建议脚本,支持完善的时间轴与细节标注。
- 完整独立封装,所有功能均整合于单一 skill,提升部署与管理效率。
元数据
常见问题
VideoClaw Pro 是什么?
视频剪辑脚本执行助手(增强版)- 根据飞书提示词库和直播素材文字档生成剪辑建议脚本。 支持飞书文档(docx)和知识库(wiki)链接,自动解析权限问题。 ⚠️ 重要:本 skill 所有文档读取必须通过 Python CLI 脚本,不使用内置 feishu_doc 工具! 触发指令格式:「剪辑脚本 [视频类型]... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 93 次。
如何安装 VideoClaw Pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install videoclaw-pro」即可一键安装,无需额外配置。
VideoClaw Pro 是免费的吗?
是的,VideoClaw Pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
VideoClaw Pro 支持哪些平台?
VideoClaw Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 VideoClaw Pro?
由 xiangxueweb(@xiangxueweb)开发并维护,当前版本 v1.0.0。
推荐 Skills