← 返回 Skills 市场
67
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install vmake-skill
功能描述
Video file → videoscreenclear or hdvideoallinone + spawn-run-task and sessions_spawn (main session). Image → eraser_watermark or image_restoration + blocking...
安全使用建议
Before installing or enabling this skill: 1) Treat MT_AK / MT_SK (Vmake Access/Secret) as required — only provide keys from a trusted tenant. 2) Be aware the skill will read/write local files: ~/.openclaw/* and ~/.cache/vmake/* and may read a scripts/.env or a cwd .env, which can cause local secrets to be used; inspect those files first. 3) The skill can optionally use Telegram and Feishu delivery helpers that expect TELEGRAM_BOT_TOKEN in your environment and Feishu appId/appSecret in ~/.openclaw/openclaw.json — if you don't want delivery channels enabled, do not populate those credentials. 4) The registry summary shown to you earlier omitted required env vars (MT_AK/MT_SK) — prefer the SKILL.md and skill.json declarations as authoritative and ask the publisher/host to correct registry metadata before wide deployment. 5) If you must grant this skill keys, rotate them after testing and limit their privileges if possible. If you need higher assurance, request the upstream skill source (homepage/repo) or audit the remaining omitted files for any additional network endpoints or obfuscated behavior.
功能分析
Type: OpenClaw Skill
Name: vmake-skill
Version: 1.0.0
The skill bundle exhibits high-privilege behavior by reading the global OpenClaw configuration file (~/.openclaw/openclaw.json) to extract sensitive credentials for IM platforms like Feishu and Telegram (seen in scripts/feishu_send_image.py and others). Most notably, SKILL.md contains an embedded Python script for a 'Pre-Flight Check' that hardcodes a path to this config file (/home/ec2-user/.openclaw/openclaw.json) to perform authenticated API calls. While these capabilities are plausibly used for the stated purpose of multi-platform media delivery and quota management, the direct access to the main configuration file and the use of raw Python scripts within markdown instructions represent a significant security risk and a broad attack surface for credential theft or unauthorized actions if the skill were compromised or maliciously modified.
能力标签
能力评估
Purpose & Capability
The skill is clearly an image/video processing client for a paid Vmake API (videoscreenclear, hdvideoallinone, eraser_watermark, image_restoration). Requiring python3 and Vmake API keys (MT_AK / MT_SK) is coherent for this purpose. However the top-level summary in the prompt listing 'Required env vars: none' contradicts SKILL.md and skill.json which declare MT_AK/MT_SK as required — the manifest and runtime disagree with the registry metadata.
Instruction Scope
SKILL.md instructs agents to run scripts/vmake_ai.py and to use spawn-run-task/sessions_spawn for video tasks. The included code performs additional actions not fully surfaced in the high-level description: it reads ~/.openclaw/openclaw.json for channel credentials, reads .env files (scripts/.env and potential cwd .env), downloads user-provided URLs to temp files, and persists state under ~/.openclaw/workspace and ~/.cache/vmake. Those file/credential accesses extend scope beyond simple API calls and should be made explicit to operators.
Install Mechanism
This is instruction-plus-code (no install spec); there is no network-based install or arbitrary archive extraction in the manifest. Dependencies are typical (requests, alibabacloud-oss-v2). No suspicious third-party download URLs or extract operations were found in the provided files.
Credentials
MT_AK and MT_SK (Vmake API keys) are reasonable and proportional. However the skill also expects/use other credentials at runtime: TELEGRAM_BOT_TOKEN (env) and Feishu appId/appSecret loaded from ~/.openclaw/openclaw.json, and it will persist caches and history under user home directories. Those additional secrets are not declared in the registry metadata's 'requires.env', so the skill will access credentials beyond what the registry summary advertised. The client also loads any .env it finds and populates os.environ, which can surface additional secrets unintentionally.
Persistence & Privilege
The skill writes persistent state: ~/.openclaw/workspace/openclaw-vmake-ai/ (last_task.json, history) and ~/.cache/vmake/ (gid cache). always:false (not forced). The persistence is expected for resume/polling behaviour but combined with access to other local config files it increases blast radius if keys are mishandled. The skill does not attempt to modify other skills' configs in the provided code.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install vmake-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/vmake-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
openclaw-vmake-ai 1.3.0
- Expanded documentation with precise rules for watermark removal and quality restoration on images and videos.
- Clarified billing: All processing uses paid Vmake API and consumes tenant quota—never claim the service is free or guess pricing.
- Outlined chaining logic for multi-stage pipelines (watermark removal → restoration), with clear task separation and execution paths.
- Specified video task execution: always use spawn-run-task and sessions_spawn (never blocking run-task for video).
- Detailed new pre-flight credential check with platform-specific user notifications (e.g., Feishu credential card).
- Strict API usage: only submit jobs via the provided CLI, never direct HTTP.
元数据
常见问题
VMake 是什么?
Video file → videoscreenclear or hdvideoallinone + spawn-run-task and sessions_spawn (main session). Image → eraser_watermark or image_restoration + blocking... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 67 次。
如何安装 VMake?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install vmake-skill」即可一键安装,无需额外配置。
VMake 是免费的吗?
是的,VMake 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
VMake 支持哪些平台?
VMake 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 VMake?
由 wemayiiii(@wemayiiii)开发并维护,当前版本 v1.0.0。
推荐 Skills