← 返回 Skills 市场
Viral Video Replicator
作者
dingtom336-gif
· GitHub ↗
· v1.1.0
· MIT-0
88
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install viral-video-replicator
功能描述
视频逆向复刻 — 分析参考视频(FFmpeg帧提取+Vision LLM) + 生成复刻Seedance 2.0 Prompt + 4种素材替换模式。支持单个和批量。Use when: '复刻这个视频', '分析爆款视频', 'replicate this video', '视频逆向', '反编译视频', '批量...
安全使用建议
What to consider before installing/use:
- Metadata mismatch: the registry claims no env vars but the SKILL.md asks for ARK_API_KEY/ARK_VISION_MODEL and (conditionally) ASR and TOS credentials. Ask the publisher/platform to correct the metadata before trusting the skill.
- Sensitive credentials: avoid handing long‑lived TOS Access Key + Secret unless you trust the skill + operator. Prefer alternatives: (a) upload audio yourself and provide a presigned URL, (b) provide short‑lived/limited-scope credentials, or (c) use an account specifically provisioned for this purpose.
- Data privacy: this skill uploads extracted frames and audio to third‑party Vision/ASR services — do not upload videos containing sensitive personal data or copyrighted content you do not control without explicit legal review.
- Prompt injection risk: the skill contains system‑prompt text for remote LLM calls. Verify the platform prevents skill content from modifying the agent's own system prompt or policies.
- Verify storage/retention: ask whether the agent platform or the skill will store any API keys, presigned URLs, or uploaded media and for how long; request deletion after processing.
- If you must proceed: test in a low‑risk way — use non‑sensitive sample videos and ephemeral credentials; prefer providing presigned URLs instead of raw access keys.
If you want, I can draft questions to send to the skill author/platform to clarify the metadata discrepancy, credential storage/retention policy, and whether presigned‑URL flows are supported so you don't need to hand over full TOS secrets.
功能分析
Type: OpenClaw Skill
Name: viral-video-replicator
Version: 1.1.0
The viral-video-replicator skill implements a complex video analysis pipeline that requires the collection of sensitive cloud credentials, including Volcano Engine ARK API keys and TOS Access/Secret keys (SKILL.md). It also relies on local shell execution via FFmpeg for frame and audio extraction (frame-extraction.md). While these high-risk capabilities are plausibly aligned with the stated purpose of video replication and transcription, the handling of raw cloud credentials and the use of subprocesses represent a significant attack surface. No evidence of intentional malice or exfiltration to unauthorized domains was found, with network activity directed at legitimate endpoints like openspeech.bytedance.com and volces.com (asr-pipeline.md).
能力评估
Purpose & Capability
Functionally the required pieces (FFmpeg locally; Vision LLM key; optional ASR token and object storage for audio) are coherent with 'analyze video frames + transcribe audio + call vision/asr APIs' — those services are needed to implement the described pipeline. However the registry metadata lists no required env vars while the SKILL.md explicitly requires ARK_API_KEY/ARK_VISION_MODEL, ASR_ACCESS_TOKEN, and TOS credentials. That metadata mismatch is an incoherence that should be resolved with the author/platform.
Instruction Scope
The SKILL.md instructs the agent to: extract frames and audio locally, encode/send base64 frame grids to a remote Vision API, upload audio to cloud object storage (TOS) and submit to a remote ASR service. It also contains explicit system-prompt text for the Vision LLM. These are expected for the stated task, but they involve sending potentially sensitive or proprietary video frames and audio off‑platform and require collecting service credentials from the user — higher risk than an offline-only tool. The SKILL.md also directs the agent to ask users for long‑lived secrets (access key + secret).
Install Mechanism
Instruction-only skill with no install spec or downloaded code. This is the lower-risk installation model (nothing written to disk by an installer).
Credentials
The skill requires multiple credentials: a Vision API key and model id (expected), plus conditional ASR_ACCESS_TOKEN and full TOS object‑storage credentials (Access Key + Secret + Bucket + Region). Asking for TOS access key/secret grants broad access to the user's object storage and is high privilege; while technically needed to implement the described upload/presigned‑URL flow, it is sensitive and should be minimized (use short‑lived tokens or ask users to upload and provide presigned URLs instead). Also the registry metadata omits these env requirements which is a discrepancy.
Persistence & Privilege
Skill is user-invocable and not always-enabled. No install scripts or persistent modifications are declared. SKILL.md asks for keys during clarification, but it does not state any mechanism to store them; verify how the platform handles any supplied secrets before providing them.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install viral-video-replicator - 安装完成后,直接呼叫该 Skill 的名称或使用
/viral-video-replicator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
v1.1.0 — 94分优化版
元数据
常见问题
Viral Video Replicator 是什么?
视频逆向复刻 — 分析参考视频(FFmpeg帧提取+Vision LLM) + 生成复刻Seedance 2.0 Prompt + 4种素材替换模式。支持单个和批量。Use when: '复刻这个视频', '分析爆款视频', 'replicate this video', '视频逆向', '反编译视频', '批量... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 88 次。
如何安装 Viral Video Replicator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install viral-video-replicator」即可一键安装,无需额外配置。
Viral Video Replicator 是免费的吗?
是的,Viral Video Replicator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Viral Video Replicator 支持哪些平台?
Viral Video Replicator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Viral Video Replicator?
由 dingtom336-gif(@dingtom336-gif)开发并维护,当前版本 v1.1.0。
推荐 Skills