← 返回 Skills 市场
111
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install xiaojiandao
功能描述
小剪刀AI视频剪辑skill。
安全使用建议
This skill implements the expected video-editing flow but has several red flags you should consider before installing: (1) It requires a service token (appsecret/XJD_TOKEN) but does not declare it in the registry; the SKILL.md instructs the agent to ask you to paste the token into chat — do NOT paste long-lived or sensitive tokens into a chat. Prefer setting XJD_TOKEN as an environment variable in a controlled environment. (2) The code will upload your video/audio to external services (biyi.cxtfun.com and api-cutflow.fun.tv) and will send the token in request headers; only use with content you are comfortable sending to those domains. (3) The package relies on Python libraries (requests, pycryptodome) not declared in metadata — ensure dependencies are managed in an isolated environment. (4) If you decide to proceed, create a limited-scope or short-lived token (if possible), test with non-sensitive sample videos, and review the endpoints and AES-key mapping in crypto.py to confirm they match the official service. If you need the skill but want tighter safety, ask the author to (a) declare required env vars (XJD_TOKEN), (b) remove the instruction to paste tokens in chat, and (c) declare/install runtime dependencies.
功能分析
Type: OpenClaw Skill
Name: xiaojiandao
Version: 1.0.1
The skill bundle is a comprehensive integration for the 'Xiao Jian Dao' (小剪刀) AI video editing platform. It provides tools for video uploading, OCR-based subtitle extraction, AI-generated commentary, and final video composition using scripts like bridge.py, oss_upload.py, and subtitle_ocr.py. While the client.py script collects system telemetry (OS, CPU model, and architecture) and crypto.py uses hardcoded AES keys for API communication with biyi.cxtfun.com and api-cutflow.fun.tv, these behaviors appear aligned with the service's operational requirements and do not exhibit signs of malicious intent, data exfiltration, or unauthorized command execution.
能力标签
能力评估
Purpose & Capability
Files and SKILL.md implement a video upload, OCR, ASR, clipping, TTS and final compose workflow calling biyi.cxtfun.com and api-cutflow.fun.tv — this aligns with the 'video editing' purpose. However the skill metadata declares no required env vars or primary credential while the code and runtime instructions clearly rely on a user token (XJD_TOKEN / appsecret). That mismatch (no declared credential but runtime token usage) is unexpected.
Instruction Scope
The SKILL.md explicitly instructs the agent to prompt the user to paste their '小剪刀 Token' directly into the conversation if no env var is set. It also instructs sending video files/URLs to external services and returning signed OSS URLs. Asking users to provide secrets in-chat and guiding the agent to accept them expands the skill's scope into credential collection/exfiltration — behavior beyond simple editing. The instructions also permit storing token in environment variable but don't require it or restrict how the token is handled.
Install Mechanism
There is no install spec (instruction-only style), which minimizes install-time risk. But the bundle includes Python modules that depend on third-party packages (requests, pycryptodome) that are not declared in the skill metadata or SKILL.md. Running the skill will therefore require installing these dependencies on the host, which the metadata does not warn about.
Credentials
The code requires a service token (used as appsecret/X-API-Token) but the skill's declared required env vars is empty. The SKILL.md encourages direct in-chat token entry and also suggests using XJD_TOKEN for persistent use — requesting a credential but not declaring it is disproportionate and increases accidental exposure risk. The skill will send uploaded video/audio/subtitle data and the token to remote endpoints (biyi.cxtfun.com, api-cutflow.fun.tv), which users should expect but may not realize from the registry metadata.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it does not try to modify other skills or system-wide configuration. Autonomous invocation is allowed by default but is not combined with other elevated privileges in the manifest.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xiaojiandao - 安装完成后,直接呼叫该 Skill 的名称或使用
/xiaojiandao触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
xiaojiandao 1.0.1
- No code or documentation changes detected in this version.
- No new features, fixes, or updates introduced.
v1.0.0
xiaojiandao 1.0.0
- 全新发布:AI驱动的视频剪辑与解说 skill,每一步均需用户确认确保结果满意。
- 支持视频上传、AI风格剪辑、剧本生成、AI解说、音色与BGM推荐、配音及最终合成,全部分步交互。
- 增加显式用户确认点,并在关键步骤中展示中间结果,保证流程透明可控。
- 支持通过对话或环境变量灵活提交和更新 Token,详细引导 Token 失效处理流程。
- 支持 Markdown 格式返回视频链接,方便播放和分享。
- 明确每一步调用底层 bridge.py 命令,方便排查和二次开发。
元数据
常见问题
小剪刀视频剪辑 是什么?
小剪刀AI视频剪辑skill。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 111 次。
如何安装 小剪刀视频剪辑?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xiaojiandao」即可一键安装,无需额外配置。
小剪刀视频剪辑 是免费的吗?
是的,小剪刀视频剪辑 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
小剪刀视频剪辑 支持哪些平台?
小剪刀视频剪辑 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 小剪刀视频剪辑?
由 xjd(@guyuxiu)开发并维护,当前版本 v1.0.1。
推荐 Skills