TencentCloud Video Effects

v1.0.1

通过上传图片和选择特效模板，生成一段特效视频，将静态图像转化为充满活力、动感、有趣的视频画面。

⭐ 0· 316·1 current·1 all-time

by败毒@neck-cn

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (Tencent Cloud video effects) match the included code and API references: the script calls SubmitTemplateToVideoJob/DescribeTemplateToVideoJob on vclm.tencentcloudapi.com. Asking for Tencent Cloud API keys (SecretId/SecretKey and optional Token) is appropriate for this purpose. However, the registry metadata lists no required environment variables while both SKILL.md and the script require TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY (and optionally TENCENTCLOUD_TOKEN). This metadata omission is an incoherence worth flagging.

Instruction Scope

SKILL.md instructs the agent to execute the script autonomously whenever a user provides an image and requests effects, with a strict "zero interaction" rule: "Agent must directly execute the script, do not ask user confirmation." This increases privacy/risk because the agent will perform network calls and upload images without explicit runtime user consent. The instructions themselves are otherwise specific (command-line args, polling behavior) and do not ask to read unrelated files, but the enforced no-confirmation policy is broader than typical and should be considered by users.

ℹ

Install Mechanism

There is no declared install spec (instruction-only). The included Python script self-installs the tencentcloud-sdk-python package via subprocess pip if missing. Auto-installing from PyPI at runtime is not unusual but is a supply-chain and runtime-network action that some operators avoid. The package comes from a public registry (PyPI) rather than an arbitrary URL, which mitigates but does not eliminate risk. The script does not download arbitrary code from custom hosts.

Credentials

The script legitimately needs Tencent Cloud credentials (SecretId, SecretKey, optional Token) to call the VCLM APIs; this is proportional to the stated function. The problem is that the skill registry metadata does not declare these required env vars — mismatched metadata reduces transparency. The script may read local image files and base64-encode them (expected for local file uploads). No other unrelated credentials or services are requested.

ℹ

Persistence & Privilege

The skill does not request always:true and does not modify other skills or system configuration. The notable concern is the SKILL.md policy that the agent should not prompt the user and must run autonomously on image input; while autonomous invocation is normal, the explicit zero-interaction requirement increases the chance of unintended data transmission. The skill itself does not persist credentials or change agent config.

What to consider before installing

This skill appears to implement Tencent Cloud video-effect APIs and requires your Tencent Cloud API keys to run; that is reasonable for its purpose. Consider these points before installing: - The registry metadata does not declare the required environment variables. The script reads TENCENTCLOUD_SECRET_ID and TENCENTCLOUD_SECRET_KEY (and optionally TENCENTCLOUD_TOKEN). Only install if you are willing to provide credentials. - The SKILL.md mandates zero-interaction: the agent will execute the script and upload images without asking the user for confirmation. If you need explicit consent for each upload, do not enable autonomous invocation for this skill or modify the SKILL.md behavior. - The included script will auto-install the tencentcloud-sdk-python package via pip at runtime. If you are concerned about supply-chain risks, pre-install the dependency in a controlled environment and inspect it beforehand. - Provide least-privilege credentials (use short-lived or scoped keys if possible) and avoid giving account-wide keys. Monitor usage and consider using a dedicated account for this skill. - If you plan to pass local files, remember the script base64-encodes and uploads file contents to Tencent Cloud — ensure you are comfortable with those images leaving your environment. If you want to proceed but reduce risk: (1) require the agent to ask user confirmation before executing, (2) pre-install and vet Python dependencies, and (3) use an isolated/limited-privilege Tencent Cloud key.

Like a lobster shell, security has layers — review code before you run it.

latestvk976yvy539dt61a0emf58gg5t182cq28

316downloads

0stars

2versions

Updated 1mo ago

v1.0.1

MIT-0

腾讯云水平特效 Skill

功能描述

本 Skill 提供视频特效能力，识别传入图片中人体的完整轮廓，进行抠像：

场景	API	脚本	图片大小限制	返回方式
视频特效	TemplateToVideo	`main.py`	10MB	异步

环境配置指引

密钥配置

本 Skill 需要腾讯云 API 密钥才能正常工作。

Step 1: 开通视频特效服务

🔗 腾讯云视频特效控制台

Step 2: 获取 API 密钥

🔗 腾讯云 API 密钥管理

Step 3: 设置环境变量

Linux / macOS：

export TENCENTCLOUD_SECRET_ID="你的SecretId"
export TENCENTCLOUD_SECRET_KEY="你的SecretKey"

如需持久化：

echo 'export TENCENTCLOUD_SECRET_ID="你的SecretId"' >> ~/.zshrc
echo 'export TENCENTCLOUD_SECRET_KEY="你的SecretKey"' >> ~/.zshrc
source ~/.zshrc

Windows (PowerShell)：

$env:TENCENTCLOUD_SECRET_ID = "你的SecretId"
$env:TENCENTCLOUD_SECRET_KEY = "你的SecretKey"

⚠️ 安全提示：切勿将密钥硬编码在代码中。

Agent 执行指令（必读）

⚠️ 本节是 Agent（AI 模型）的核心执行规范。当用户提供图片并请求视频特效时，Agent 必须严格按照以下步骤自主执行，无需询问用户确认。

🔑 通用执行规则

触发条件：用户提供了图片，且用户意图为视频特效。
零交互原则：Agent 应直接执行脚本，不要向用户询问任何确认。
自动选择脚本：根据上方「选择规则」自动选择合适的脚本。
⛔ 禁止使用大模型自身能力替代视频特效（最高优先级规则）：
- 视频特效脚本调用失败时，Agent 严禁自行猜测或编造识别内容。
- 如果调用失败，Agent 必须向用户返回清晰的错误说明。

📌 脚本： `main.py`

python3 <SKILL_DIR>/scripts/main.py "<TEMPLATE_NAME>" "<PIC_INPUT>" [可选参数]

必填参数：

参数	说明	示例
`<TEMPLATE_NAME>`	特效模板名称	`hug`
`<PIC_INPUT>`	输入图片 URL 或本地文件路径（≤10MB，支持 png/jpg/jpeg/webp/bmp/tiff）	`https://example.com/human.png` 或 `/path/to/image.png`

可选参数：

参数	类型	默认值	说明
`--logo-add`	int	`1`	是否添加 AI 生成标识：`1`=添加, `0`=不添加
`--resolution`	string	`360p`	视频输出分辨率，如 `360p`、`720p`、`1080p`
`--bgm`	flag	不添加	添加此参数则为生成视频添加背景音乐
`--poll-interval`	int	`5`	轮询任务状态的间隔秒数
`--max-poll-time`	int	`600`	最大轮询等待时间（秒），超时则报错退出
`--no-poll`	flag	关闭	添加此参数则仅提交任务并返回 JobId，不轮询结果

输出示例：

{
    "ResultVideoUrl": "https://bda-segment-mini-1258344699.cos.ap-guangzhou.myqcloud.com/Image/1251755623/9e73b301-ad1b-4586-837b-b767e73c4bf2?q-sign-algorithm=sha1&q-ak=AKIDEJJ3lFOnfIpAHAqIJ5d3YqthGfpj8eje&q-sign-time=1772790515%3B1772792315&q-key-time=1772790515%3B1772792315&q-header-list=host&q-url-param-list=&q-signature=60646e91cdebc7215cb73e6fff6e6017478857e4"
}

📋 完整调用示例

基本调用（使用默认参数）：

python3 /path/to/scripts/main.py hug "https://example.com/human.png"

指定分辨率和背景音乐：

python3 /path/to/scripts/main.py hug "https://example.com/human.png" --resolution 720p --bgm

去除 AI 标识 + 高分辨率：

python3 /path/to/scripts/main.py hug /path/to/local/image.jpg --logo-add 0 --resolution 1080p

仅提交任务，不等待结果：

python3 /path/to/scripts/main.py hug "https://example.com/human.png" --no-poll

自定义轮询策略：

python3 /path/to/scripts/main.py hug "https://example.com/human.png" --poll-interval 10 --max-poll-time 300

❌ Agent 须避免的行为

只打印脚本路径而不执行
向用户询问"是否要执行视频特效"——应直接执行
手动安装依赖——脚本内部自动处理
忘记读取输出结果并返回给用户
视频特效服务调用失败时，自行编造识别内容

API 参考文档

详细的引擎类型、参数说明、错误码等信息请参阅 references/ 目录下的文档：

提交视频特效API（原始文档）
查询视频特效API（原始文档）

核心脚本

scripts/main.py — 视频特效脚本

依赖

Python 3.7+
tencentcloud-sdk-python（腾讯云 SDK，main.py 使用）

安装依赖（可选 - 脚本会自动安装）：

pip install tencentcloud-sdk-python requests

Comments

Loading comments...