← 返回 Skills 市场

Visla AI Video Creation

Name: Visla AI Video Creation
Author: visla-admin

作者 visla-admin · GitHub ↗ · v1.0.3

cross-platform ⚠ suspicious

2137

总下载

当前安装

版本数

在 OpenClaw 中安装

/install visla

功能描述

Creates AI-generated videos from text scripts, URLs, or PPT/PDF documents using Visla. Use when the user asks to generate a video, turn a webpage into a vide...

安全使用建议

This skill appears to do what it says: it runs local CLI wrappers that call Visla's API and upload user-supplied files. Before using it: (1) Only provide your Visla API key/secret if you trust the Visla service and this skill's source; (2) Grant explicit permission if the agent asks to read ~/.config/visla/.credentials — otherwise supply credentials yourself via environment variables or the CLI flag; (3) Be aware that providing a URL causes the agent to make outbound HTTP requests to validate and fetch that page, and uploading documents will use pre-signed S3 URLs returned by Visla; (4) If you don't trust the skill author, review the bundled scripts (they are included) or run them in a restricted environment. Overall there are no red flags, but treat API keys and uploaded documents as sensitive and only share when comfortable.

功能分析

Type: OpenClaw Skill Name: visla Version: 1.0.3 The skill is classified as suspicious due to significant Local File Inclusion (LFI) vulnerabilities in both `scripts/visla_cli.sh` and `scripts/visla_cli.py`. Both scripts allow reading and uploading arbitrary local files (e.g., via `script @filename` or `doc filename` commands) if the agent is prompted to provide a sensitive file path. Additionally, the Python script explicitly supports reading credentials from an arbitrary file path via `--credentials-file`. The `SKILL.md` also presents a prompt injection surface, as it instructs the AI agent to ask for user consent before accessing local credential files, which could be bypassed by a malicious prompt. These issues represent critical vulnerabilities that could lead to unauthorized data exposure, though there is no clear evidence of intentional malicious behavior within the code itself.

能力评估

✓ Purpose & Capability

The skill is a Visla API CLI wrapper for creating videos. The only required environment variables are VISLA_API_KEY and VISLA_API_SECRET, which are exactly what an API client needs. The included files (Bash and Python CLIs under scripts/) match the described functionality and the API base URL (openapi.visla.us) matches the Visla purpose.

ℹ Instruction Scope

SKILL.md confines actions to creating videos from user-provided scripts/URLs/docs and checking account balance. It explicitly instructs the agent to request user consent before reading ~/.config/visla/.credentials and to avoid printing secrets. The CLIs will validate and fetch user-provided URLs (making network requests) and will upload documents via pre-signed S3 URLs as part of normal operation — this means the agent will make outbound network calls to Visla and to any URLs the user supplies, which is expected but worth noting to non-technical users.

✓ Install Mechanism

There is no remote install or download spec; the skill is instruction-only with bundled scripts. No external archives or shorteners are fetched at install time. Runtime dependencies (curl, openssl, jq, python requests) are standard and checked at runtime.

✓ Credentials

The skill only requests VISLA_API_KEY and VISLA_API_SECRET (VISLA_API_KEY marked primary), appropriate for contacting the Visla API. The SKILL.md documents using a local credentials file only with user consent. There are no unrelated or excessive environment variables or config paths requested.

✓ Persistence & Privilege

The skill is not always-enabled and does not ask to modify other skills or system-wide settings. It does not request permanent presence or elevated privileges beyond normal agent invocation.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install visla
安装完成后，直接呼叫该 Skill 的名称或使用 /visla 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

- Updated credential handling: the Python CLI now supports the `--credentials-file` argument for direct credential file use, while Bash still uses environment variables. - Clarified credential management instructions, including using `--credentials-file` with user consent on Python. - Updated platform-specific execution examples to reflect new credential argument usage. - Minor documentation corrections for clarity and accuracy. - Version header updated to 260218-1410.

v1.0.2

- Added a metadata section describing required environment variables and script files. - Clarified and tightened credential handling: now requires user consent before reading local credential files. - Added user reminder: only process local files (scripts/docs) explicitly provided by the user and advise not to upload sensitive data. - No changes to command functionality or workflow.

v1.0.1

- Removed the "Error Recovery" and "Repair workflow" sections from the documentation

v1.0.0

Initial release of Visla AI video creation skill. Generate AI videos from text scripts, URLs, or PPT/PDF documents using Visla.

元数据

Slug visla

版本 1.0.3

许可证 —

累计安装 0

当前安装数 0

历史版本数 4

常见问题

Visla AI Video Creation 是什么？

Creates AI-generated videos from text scripts, URLs, or PPT/PDF documents using Visla. Use when the user asks to generate a video, turn a webpage into a vide... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2137 次。

如何安装 Visla AI Video Creation？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install visla」即可一键安装，无需额外配置。

Visla AI Video Creation 是免费的吗？

是的，Visla AI Video Creation 完全免费（开源免费），可自由下载、安装和使用。

Visla AI Video Creation 支持哪些平台？

Visla AI Video Creation 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Visla AI Video Creation？

由 visla-admin（@visla-admin）开发并维护，当前版本 v1.0.3。