Seedance Video Generation Extension
v1.0.0Orchestrate script-to-final-video production with a strict stage-gated workflow (outline → episode_plan → storyboard → storyboard_images → render), using See...
⭐ 1· 638·0 current·0 all-time
byKennyWu@kkenny0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name and description (video orchestration using Seedream/Seedance) match the included scripts: prepare, image generation, orchestration, and concatenation. However, registry metadata lists no required environment variables or credentials while SKILL.md and the code clearly require ARK_API_KEY and an installed seedance-video-generation (seedance.py). That metadata omission is an incoherence: the skill will not function without an external API key and a peer skill/script.
Instruction Scope
SKILL.md directs the agent to run local Python scripts that spawn subprocesses (calls to seedream_image.py and seedance.py via python3) and to call an external image API. The scripts also download video/image URLs returned by remote services (urllib.request.urlretrieve). The instructions/procedures access environment variables (ARK_API_KEY, SEEDANCE_SCRIPT) and read/write checkpoint and project files. Accessing these env vars and performing network I/O is consistent with the functionality, but the SKILL.md and registry metadata are inconsistent about required secrets and this increases the risk surface.
Install Mechanism
This is an instruction-only skill with no install spec; all code is included as scripts. No remote install/downloads or archive extractions are performed by an installer step. Risk from install mechanism is low.
Credentials
The code requires ARK_API_KEY (used by seedream_image.py) and optionally honors SEEDANCE_SCRIPT/SEEDANCE env hints, but the skill metadata declared no required environment variables or primary credential. ARK_API_KEY is a sensitive credential that grants an external image-generation API access; requesting it is proportionate to the stated purpose but the metadata omission is a red flag. Users should confirm the intended credential and its required scope before supplying it.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It writes project-local checkpoint and artifact files, which is expected behavior for a staged workflow.
What to consider before installing
What to check before installing/use:
- Metadata mismatch: the registry entry lists no required env vars, but SKILL.md and scripts require ARK_API_KEY (Seedream) and expect seedance.py from a separate skill. Treat the package as incomplete until the registry metadata is corrected.
- Credential scope: only provide an ARK_API_KEY that is limited in scope (image-generation only) and rotatable. Do not reuse high-privilege or unrelated credentials.
- External endpoint: image requests go to https://ark.cn-beijing.volces.com/api/v3/images/generations. Verify this endpoint and the operator before sending any private prompts or data.
- Subprocess and downloads: scripts call seedance.py and run/parse its JSON output, and download URLs returned by remote services. Run in a sandbox or with least-privilege access to the filesystem, and review seedance-video-generation's source (seedance.py) before granting runtime access.
- Audit artifacts: the workflow writes checkpoint-*.json and output videos/images under the project directory; ensure project paths used are intended and do not point to sensitive directories.
- If you need higher assurance: ask the publisher to (1) update registry metadata to declare ARK_API_KEY and any other env vars, (2) provide a homepage/source repository for review, and (3) document the external API operator and expected token permissions.Like a lobster shell, security has layers — review code before you run it.
latest
Seedance Story Orchestrator (v0.2.0-phase1)
阶段性方案(Phase 1):
- 上层编排:
seedance-story-orchestrator - 下层执行:
seedance-video-generation/seedance.py
以“可审计、可恢复、可控推进”为第一目标。
Workflow(严格关卡)
固定阶段顺序:
outline -> episode_plan -> storyboard -> storyboard_images -> render
规则:
- 每阶段执行后写入
checkpoint-{stage}.json,默认confirmed=false - 未确认时,
run会立即停止并返回:pending_confirmation_stagenext_action
- 必须
confirm --stage <stage>后再继续下一阶段
Prerequisites
- Python 3.8+
seedance-video-generationskill(必须可访问seedance.py)ARK_API_KEY- FFmpeg(用于拼接最终视频)
Quick Start(推荐)
# 1) 运行到 render(会在每个关卡停下)
python3 {baseDir}/scripts/run_story.py run \
--project-dir {baseDir}/outputs/my-project \
--input-file /path/to/story.txt \
--stage render
# 2) 按提示确认阶段(示例)
python3 {baseDir}/scripts/run_story.py confirm \
--project-dir {baseDir}/outputs/my-project \
--stage outline
# 3) 查看整体状态
python3 {baseDir}/scripts/run_story.py status \
--project-dir {baseDir}/outputs/my-project
End-to-End(从剧本到成片)
# 首次运行(会停在 outline)
python3 {baseDir}/scripts/run_story.py run \
--project-dir ./my-project \
--input-file ./story.txt \
--stage render
# 逐关确认并继续
python3 {baseDir}/scripts/run_story.py confirm --project-dir ./my-project --stage outline
python3 {baseDir}/scripts/run_story.py run --project-dir ./my-project --stage render
python3 {baseDir}/scripts/run_story.py confirm --project-dir ./my-project --stage episode_plan
python3 {baseDir}/scripts/run_story.py run --project-dir ./my-project --stage render
python3 {baseDir}/scripts/run_story.py confirm --project-dir ./my-project --stage storyboard
python3 {baseDir}/scripts/run_story.py run --project-dir ./my-project --stage render
python3 {baseDir}/scripts/run_story.py confirm --project-dir ./my-project --stage storyboard_images
python3 {baseDir}/scripts/run_story.py run --project-dir ./my-project --stage render
python3 {baseDir}/scripts/run_story.py confirm --project-dir ./my-project --stage render
最终视频路径:
./my-project/videos/run-YYYYMMDD-HHMMSS/final-video.mp4
Input Modes
1) 非结构化输入(默认推荐:sub-agent-first)
# 先生成 sub-agent 任务
python3 {baseDir}/scripts/build_subagent_task.py \
--input-file /path/to/raw.txt \
--output {baseDir}/outputs/subagent-task.txt
# 用 sessions_spawn 执行后,拿到结构化 JSON,再喂给 prepare
python3 {baseDir}/scripts/prepare_storyboard.py \
--input-file /path/to/subagent-output.json \
--output-dir {baseDir}/outputs
2) 直接文本/JSON输入
python3 {baseDir}/scripts/prepare_storyboard.py \
--input-file /path/to/story.txt \
--output-dir {baseDir}/outputs
3) staged artifacts 输入
python3 {baseDir}/scripts/prepare_storyboard.py \
--staged-artifacts /path/to/staged-artifacts.v1.json \
--output-dir {baseDir}/outputs
Core Commands
Prepare
python3 {baseDir}/scripts/prepare_storyboard.py \
--input-file /path/to/story.txt \
--output-dir {baseDir}/outputs
Storyboard Images(Seedream)
python3 {baseDir}/scripts/seedream_image.py storyboard \
--storyboard /path/to/storyboard.draft.v1.json \
--output-dir {baseDir}/outputs/images
Render Videos(Seedance)
python3 {baseDir}/scripts/orchestrate_story.py run \
--storyboard /path/to/storyboard.draft.v1.json \
--output-dir {baseDir}/outputs/videos
Concat Final Video
python3 {baseDir}/scripts/concat_videos.py \
--run-dir {baseDir}/outputs/videos/run-YYYYMMDD-HHMMSS
Artifacts
主要产物:
plan-*/storyboard.draft.v1.jsonplan-*/assets.v1.jsonplan-*/staged-artifacts.v1.jsoncheckpoint-{stage}.jsonvideos/run-*/result-index.jsonvideos/run-*/run-summary.jsonvideos/run-*/final-video.mp4
Schemas & References
references/storyboard-v1.schema.jsonreferences/assets-v1.schema.jsonreferences/staged-artifacts-v1.schema.jsonreferences/subagent-parser-contract.mddocs/design-doc-v0.2.0-phase1.mddocs/logic-flow-v0.2.0-phase1.md
Notes (Phase 1)
- 当前是阶段性方案:优先可控、可恢复、可审计
- 自动“回传最终视频到会话”不在本阶段强制实现(可在 Phase 2 增加)
run_story.py已内置混合日志 JSON 解析与严格关卡机制
Comments
Loading comments...