← 返回 Skills 市场
900
总下载
0
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install youtube-shorts
功能描述
AI/DevOps 유튜브 숏츠 자동 생성. 트렌드 수집 → 스크립트 → 이미지 → Veo 영상 → TTS 나레이션 → Remotion 합성 → YouTube 업로드
安全使用建议
This skill asks the agent to clone and run a GitHub repository and to install packages, then run commands that can upload videos. Before installing or running it: 1) Inspect the repository (https://github.com/kangjjang/youtube-shorts-skill.git) and review scripts/setup.sh and requirements.txt for unexpected behavior. 2) Confirm where YouTube upload credentials and any Veo (or other paid service) API keys are configured — do not provide your YouTube OAuth tokens unless you trust and have inspected the code. 3) Consider running the code in an isolated sandbox or ephemeral VM first to observe network calls and file writes. 4) If you only want the instruction logic and not remote code execution, ask the publisher to include the scripts in the skill bundle or to declare all required credentials and explain upload flow. 5) If you cannot audit the repo, do not supply GEMINI_API_KEY or other secrets to an unreviewed skill.
功能分析
Type: OpenClaw Skill
Name: youtube-shorts
Version: 2.0.1
The skill is classified as suspicious due to its broad requested permissions and the instruction to fetch and execute unverified external code. `SKILL.md` explicitly requests `Bash`, `Read`, `Write`, and `exec` tools, granting extensive control. Crucially, it instructs the agent to `git clone https://github.com/kangjjang/youtube-shorts-skill.git` and then execute `bash scripts/setup.sh` from the cloned repository. This constitutes a significant supply chain vulnerability, as the content of the external repository and its setup script are not provided for analysis and could contain malicious payloads. Additionally, `pip install -r requirements.txt` introduces further supply chain risk via Python packages. The skill also requires `GEMINI_API_KEY`, which, combined with the broad permissions, could be vulnerable to exfiltration by the external code.
能力评估
Purpose & Capability
The name/description (YouTube Shorts 자동 생성) aligns with the pipeline described (trend → script → images → video → TTS → upload). However the skill instructs downloading and running a GitHub repo and executing uploads, yet the declared requirements only include GEMINI_API_KEY. Uploading to YouTube and using a service named 'Veo' would normally require additional credentials or configuration; those are not declared. This is an unexplained gap between claimed capabilities and declared requirements.
Instruction Scope
The SKILL.md instructs the agent to git clone a repository (https://github.com/kangjjang/youtube-shorts-skill.git), run scripts/setup.sh, create/activate a Python virtualenv, pip install requirements, and run python/node code. Those steps download and execute arbitrary third-party code at runtime and write to disk. The instructions also reference ${CLAUDE_PLUGIN_ROOT} and numerous CLI invocations (including upload flags). The instructions do not constrain what the cloned code does or enumerate required additional env vars/secrets, giving broad runtime discretion.
Install Mechanism
Although the skill bundle has no formal install spec, the runtime instructions perform a git clone from a third-party GitHub repo and run a setup script + pip install. Downloading and executing remote code via an unaudited repo and running arbitrary setup scripts is a higher-risk install mechanism. GitHub is a known host (better than an unknown IP/shortener), but the repo owner is unknown and the repository contents are not provided for review.
Credentials
The skill declares only GEMINI_API_KEY as a required env var, saying Gemini will be used for text/image/video/TTS. But the SKILL.md also references uploading to YouTube and uses a separate service 'Veo' with per-video costs. No YouTube OAuth credentials, client_secrets, or Veo API key are requested or documented. The absence of declared credentials for upload and external video-generation services is disproportionate and unexplained.
Persistence & Privilege
always:false (good), but the skill instructs fetching and executing external code and can be invoked autonomously (platform default). Combining autonomous invocation with runtime download/execute of a third-party repo increases blast radius if the repo is malicious or changes later. The skill writes a venv, installs packages, and writes outputs to disk — expected, but higher-risk given remote code execution.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install youtube-shorts - 安装完成后,直接呼叫该 Skill 的名称或使用
/youtube-shorts触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.1
Add GitHub clone instructions for full source code
v2.0.0
Initial release: 9-step pipeline with Gemini TTS + Remotion compositing
元数据
常见问题
YouTube Shorts 자동 생성 是什么?
AI/DevOps 유튜브 숏츠 자동 생성. 트렌드 수집 → 스크립트 → 이미지 → Veo 영상 → TTS 나레이션 → Remotion 합성 → YouTube 업로드. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 900 次。
如何安装 YouTube Shorts 자동 생성?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install youtube-shorts」即可一键安装,无需额外配置。
YouTube Shorts 자동 생성 是免费的吗?
是的,YouTube Shorts 자동 생성 完全免费(开源免费),可自由下载、安装和使用。
YouTube Shorts 자동 생성 支持哪些平台?
YouTube Shorts 자동 생성 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 YouTube Shorts 자동 생성?
由 kangjjang(@kangjjang)开发并维护,当前版本 v2.0.1。
推荐 Skills