jeong-wooseok

Youtube Editor

Author: jeong-wooseok · GitHub ↗ · v1.0.14
cross-platform ⚠ suspicious
Total downloads: 2521
Favorites: 0
Current installs: 0
Versions: 14
Install in OpenClaw
/install youtube-editor
Description
Automate YouTube video editing: download videos, transcribe with Whisper, analyze content using GPT-4, and create Korean SEO-optimized metadata plus consiste...
Security usage advice
Before installing or running this skill:
  1. Expect to provide your OPENAI_API_KEY (required for transcription and GPT). The registry metadata does not declare this — the discrepancy is suspicious.
  2. Install FFmpeg and the optional Python dependencies (playwright, rembg) if you want thumbnails.
  3. The skill can call a separate nano-banana-pro script via fixed paths; only allow that if you trust the nano-banana-pro skill source (review its code).
  4. The script writes files (transcripts, HTML, PNG) and reads your avatar/font files — don’t run it on machines with sensitive local data unless you audited the script.
  5. If you’re not comfortable auditing the code or the external nano-banana-pro skill, treat this as untrusted and do not provide API keys or run on private videos.
If you want higher assurance, ask the author to update the registry metadata to declare required env vars and system dependencies and to document exactly which external scripts it will execute.
Functional analysis
Type: OpenClaw Skill
Name: youtube-editor
Version: 1.0.14
The skill is classified as suspicious due to a local HTML injection (XSS) vulnerability in `scripts/process_video.py`. The `avatar_path` argument, which can be user-controlled, is directly embedded into an `<img>` tag's `src` attribute within an HTML template without proper HTML escaping. This could allow a malicious user to inject arbitrary JavaScript into the locally rendered HTML, which is then processed by Playwright. While the skill demonstrates good security practices like YouTube URL validation and safe subprocess execution for other features, this specific input sanitization oversight presents a vulnerability.
Capability assessment
Purpose & Capability
The SKILL.md and the included script clearly require an OpenAI API key (OPENAI_API_KEY) and optionally NANO_BANANA_KEY for image generation; however the registry metadata lists no required environment variables or binaries. The skill also requires FFmpeg and optional Python packages (playwright, rembg), which are declared only in SKILL.md/script comments, not in registry metadata. These mismatches mean the skill's declared requirements in the registry are incomplete/untrustworthy.
Instruction Scope
The runtime instructions and script stay within the advertised purpose: downloading video or using a local file, extracting audio, transcribing with Whisper, analyzing with GPT, and rendering thumbnails. Notable scope items: it executes subprocesses (ffmpeg, uv run), reads user-provided avatar/font files, writes transcripts/thumbnails to the working directory, and will execute a separate skill script if nano-banana-pro is present. The script includes URL validation to block localhost/private IPs and HTML-escapes text before embedding in HTML, which is good. Cross-skill execution (uv run of a script in another skill) expands the attack surface and should be reviewed before use.
Install Mechanism
There is no install spec (instruction-only skill with one script file). That reduces supply-chain risk because nothing is auto-downloaded or written during install. The script expects system packages (ffmpeg) and Python libs but does not fetch arbitrary remote archives.
Credentials
At runtime the script requires OPENAI_API_KEY (mandatory) and optionally NANO_BANANA_KEY. The registry metadata, however, declared no required env vars — a clear inconsistency. The requested credentials are proportional to the feature set (Whisper/GPT + optional image API), but the registry omission is a red flag: the agent may be installed without communicating that it will need your OpenAI key. The skill does not request unrelated secrets, but you should confirm before providing keys.
Persistence & Privilege
The skill does not request 'always: true' or otherwise demand permanent, forced inclusion. It does not modify other skills' configs. Its ability to call another skill's script increases blast radius only if that other skill is present; by default it only runs when invoked and only if nano-banana-pro is installed.
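How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install youtube-editor
  3. Once installed, invoke the Skill by name or trigger it with /youtube-editor
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history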
v1.0.14
Security: Added requiredEnvVars metadata, comprehensive Security Notice explaining all capabilities (API keys, subprocess, cross-skill integration, file I/O), and code comments for legitimate automation features
v1.0.13
Security: Remove Prerequisites section, .env refs, absolute paths
v1.0.12
Bugfix: fixed thumbnail renderer file:// URL resolution for Playwright screenshots. Includes previous security hardening improvements.
v1.0.11
Security hardening: YouTube URL allowlist validation, HTML-escaped thumbnail text rendering, safer Nano Banana path resolution, and subprocess timeouts.
v1.0.10
- Added full Korean language support for SEO titles, descriptions, and tags.
- Updated documentation to highlight Korean compatibility.
- Bumped version to 1.0.10.
v1.0.9
- Introduced consistent character generation for thumbnails using image-to-image techniques.
- Thumbnails now maintain the avatar's style across different videos, defaulting to a Pirate Lobster if no avatar is provided.
- Updated documentation to reflect the new "Character Consistency Edition."
- No changes to basic prerequisites or command-line usage.
v1.0.8
- Updated branding: Thumbnails are now described as "Adventurous Edition" featuring cute 3D AI characters, not just pirate-themed.
- Improved documentation to reflect general AI-generated characters for thumbnails when no avatar is provided.
- Clarified and modernized feature list and usage instructions.
- Updated to version 1.0.8.
v1.0.7
youtube-editor v1.0.7
- Introduced Pirate Lobster Edition: Thumbnails now feature custom AI-generated pirate lobster characters in the style of One Piece.
- Thumbnail workflow updates: Pirate lobster character performs actions relevant to the video topic.
- Improved documentation in SKILL.md to highlight the new pirate theme and automatic character generation.
- Version and description updated to reflect feature changes.
v1.0.6
- Added automatic AI-generated 3D character for thumbnails when no avatar is provided.
- Introduced NANO_BANANA_KEY requirement for AI character generation.
- Updated documentation with new usage options and clearer output details.
- Improved thumbnail section to highlight automatic avatar or character inclusion.
v1.0.5
youtube-editor 1.0.5 introduces advanced thumbnail features and improved customization.
- Enhanced thumbnail generation: Custom fonts, background removal for avatars, and new Black & Gold layout.
- Updated prerequisites: Requires rembg[cpu] for background removal; NANO_BANANA_KEY dependency removed.
- Streamlined usage: Added --author and --avatar options for custom branding.
- Documentation updated to reflect new features and installation steps.
v1.0.4
- Enhanced thumbnail generation: now creates backgrounds with Nano Banana and overlays high-quality, readable text using custom fonts.
- No more gibberish AI text on thumbnails—final thumbnails feature crisp text overlays.
- Added Playwright as a dependency for professional thumbnail text rendering; install instructions included.
- SKILL.md updated with improved prerequisites and clearer output file descriptions.
- Minor documentation cleanup and feature clarification.
v1.0.3
youtube-editor 1.0.3
- Expanded and clarified documentation in SKILL.md for setup, usage, troubleshooting, and output.
- Improved instructions for installing FFmpeg on all major platforms.
- Detailed error messages and solutions added to troubleshooting.
- Provided clearer breakdown of expected output files and their purposes.
v1.0.1
youtube-editor 1.0.1
- Improved SKILL.md documentation with clearer installation, usage steps, and prerequisites.
- Added detailed output file descriptions and configuration instructions for smoother setup.
- No changes to core functionality reported.
v1.0.0
youtube-editor 1.0.0 – Automate YouTube video post-production with AI
- Automates downloading, transcribing, analyzing, and thumbnail generation for YouTube videos.
- Supports both local video files and direct URL downloads.
- Uses OpenAI Whisper for accurate subtitle generation (.srt).
- Analyzes content with GPT-4 to create SEO-optimized titles, descriptions, and tags.
- Generates high-quality 4K thumbnails via Nano Banana Pro.
- Organizes outputs (audio, subtitles, transcript, metadata, thumbnail) into timestamped folders.
Metadata
Slug youtube-editor
Version 1.0.14
License
Total installs 1
Current installs 0
Number of versions 14
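FAQ

What is Youtube Editor?

Automate YouTube video editing: download videos, transcribe with Whisper, analyze content using GPT-4, and create Korean SEO-optimized metadata plus consiste... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 2521 total downloads to date.

How do I install Youtube Editor?

Run the command "/install youtube-editor" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Youtube Editor free?

Yes, Youtube Editor is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Youtube Editor support?

Youtube Editor is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Youtube Editor?

Developed and maintained by jeong-wooseok (@jeong-wooseok); the current version is v1.0.14.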
