← 返回 Skills 市场
80
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install vlog-auto-edit
功能描述
AI Agent自动剪辑旅行Vlog的完整工作流。从原始素材到成品视频,系统级只需ffmpeg,其余在Python venv内完成。
安全使用建议
This skill is largely coherent for automated vlog editing, but take the following precautions before installing or running it:
- Credentials and endpoints: the workflow sends extracted frames to a vision API (API_URL/API_KEY). Only provide keys for vision providers you trust and that have an acceptable privacy policy. Do not hand over credentials to unknown endpoints.
- Test with non-sensitive data: first run the skill on throwaway/sample clips (no personal or private content) to observe network calls and outputs.
- Prefer isolated environments: use a Python venv or container rather than installing packages globally (the SKILL.md suggests both; follow the venv option to reduce system impact).
- Inspect files for hidden content: the SKILL.md triggered a unicode-control-chars detection—open it in a hex/inspector or a trusted editor to ensure there are no hidden control characters or surprising instructions.
- Review network activity: if possible, run the agent in an environment where you can monitor outbound requests (so you can see where frames are uploaded).
- Review the upstream repo and author: the README points to a GitHub repo; verify the source code there and check commit history/issues. If you cannot verify the origin, be more cautious.
If you want, I can: (1) extract and show any non-printing/control characters found in SKILL.md, (2) list the exact places where the instructions send data off-host, or (3) suggest a minimal, offline configuration (use only local models) to avoid uploads.
功能分析
Type: OpenClaw Skill
Name: vlog-auto-edit
Version: 1.0.1
The skill bundle provides a legitimate workflow for automated video editing but utilizes high-risk capabilities, including automated package installation (pip install) and extensive shell command execution via ffmpeg. Specifically, code examples in SKILL.md utilize subprocess.run(shell=True), which presents a shell injection vulnerability. While these actions are aligned with the stated purpose of video processing, the instructions require classifying risky capabilities (shell/file access) as suspicious even when they are plausibly needed for the task.
能力标签
能力评估
Purpose & Capability
Name/description match the requested actions: ffmpeg + Python + a visual-model API are reasonable for automated vlog editing. However the registry metadata lists no required environment variables while the SKILL.md clearly expects a visual API endpoint and API key (API_URL / API_KEY) and optionally music/model APIs. The mismatch (declared none vs. instructions requiring keys) is noteworthy but explainable.
Instruction Scope
Runtime instructions tell the agent to extract frames, base64-encode them and POST to an external vision API, to clone a GitHub repo, and to install Python packages (possibly into the global environment). Those actions are coherent for the purpose, but they involve network uploads of user media and automated package installation. Additionally, a pre-scan found 'unicode-control-chars' in SKILL.md (a prompt-injection signal) which could hide or manipulate agent-visible instructions — inspect the file for invisible characters before trusting automated execution.
Install Mechanism
There is no packaged install spec; the skill is instruction-first and includes two utility scripts. Recommended installs are standard (pip packages, ffmpeg, optional yt-dlp). No obscure remote binary downloads or shortened URLs were found in the provided files. Risk is primarily from pip installing into global environment (the SKILL.md even recommends two modes and warns about model sizes).
Credentials
The skill needs at least one external API credential (vision model endpoint + API key) to perform visual analysis, and may also use other paid models or music APIs. Those credentials are not declared in the registry metadata. Uploading extracted frames to third-party endpoints is intrinsic to the feature but is a sensitive operation; ensure the chosen endpoint/provider is trustworthy and privacy-compliant. The skill does not request unrelated secrets (no AWS/GitHub tokens shown), but the omission from requires.env is an inconsistency to be aware of.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills or system-wide settings, and contains only scripts that operate on local files and call ffmpeg. It does not demand elevated privileges. Autonomous invocation is allowed by platform default (not flagged by itself).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vlog-auto-edit - 安装完成后,直接呼叫该 Skill 的名称或使用
/vlog-auto-edit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
v1.0.1 makes minor improvements and adds author information.
- Added author field with contact to SKILL.md.
- Updated skill version to 1.0.1 in SKILL.md.
- Minor content tweaks and clarifications in documentation files.
- No breaking changes to workflow or functionality.
v1.0.0
Initial release: AI Agent auto-edits travel vlogs from raw footage. 7-stage pipeline: inventory → reference research → 3D analysis → preprocessing → LLM narrative planning → ffmpeg rendering → BGM generation. Includes dashboard visualization, speech validation, and 24 battle-tested pitfalls.
元数据
常见问题
Vlog Auto Edit 是什么?
AI Agent自动剪辑旅行Vlog的完整工作流。从原始素材到成品视频,系统级只需ffmpeg,其余在Python venv内完成。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 80 次。
如何安装 Vlog Auto Edit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vlog-auto-edit」即可一键安装,无需额外配置。
Vlog Auto Edit 是免费的吗?
是的,Vlog Auto Edit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Vlog Auto Edit 支持哪些平台?
Vlog Auto Edit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Vlog Auto Edit?
由 Nyx研究所(@znyupup)开发并维护,当前版本 v1.0.1。
推荐 Skills