短视频黄金 3 秒钩子生成器
v1.1.1智能生成适用于抖音快手等短视频平台的主题钩子,支持分类筛选和数据追踪,助力高完播高流量内容创作。
⭐ 0· 333·3 current·3 all-time
by@alone55
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (短视频钩子生成器) match the included files: a Node entry (index.js) that invokes a Python generator (main.py), templates, and monitoring code. Required env/config are none and no external APIs or cloud credentials are requested — this is coherent for a local template-generator + usage tracker.
Instruction Scope
SKILL.md describes generation commands, daily limits and data-tracking. The code implements those behaviors and only reads/writes files under the skill directory (data/usage.json, data/usage_log.json). One minor mismatch: SKILL.md claims '安全合规:无敏感词' (sensitive-word filtering/guarantee) but there is no automated content-moderation logic in the code — the generator can produce marketing-style claims in templates. Also monitor.py can accept an optional user_id parameter (defaults to 'anonymous') — so if the integration passes identities they could be logged.
Install Mechanism
No install spec / remote downloads are present. All code is bundled in the package (index.js, main.py, monitor.py). There are no network download/install steps and no external archive extraction. This is low-risk from an install provenance perspective, though the source is 'unknown' so repository provenance should be checked by the user.
Credentials
The skill requests no environment variables, secrets, or external credentials. All data collection is local file writes under the skill folder. The only potential privacy consideration is topic names and optional user_id values recorded in local logs — these are not encrypted or sent anywhere by the included code.
Persistence & Privilege
always:false and the skill does not modify other skills or system-wide settings. It persists modest data (usage.json, usage_log.json, daily_stats files) in its own data directory. No autonomous network callbacks or background daemons are created by the package itself.
Assessment
This package appears internally consistent with a local short-video hook generator. Before installing, consider: 1) Verify provenance — the package lists no homepage and the source is 'unknown'; review the repository/author if possible. 2) Data stored locally — usage.json and usage_log.json (under the skill/data folder) record topics and (optionally) user_id; if you care about privacy, inspect/clear these files or modify monitor.py to avoid logging user_id. 3) There is no network exfiltration in the included code, but if you or the platform later wire the skill to analytics/payment backends (DEPLOY/PUBLISH docs recommend configuring payments/analytics), review those integrations carefully. 4) The SKILL.md claim of 'no sensitive words / platform-safe' is a policy statement, not enforced by code — do not rely on it for compliance. 5) For safety, run the skill in a sandbox or local environment first (python3 is invoked via index.js; on Windows 'python3' may not exist). If you want higher assurance, ask the developer for an upstream repository link or a signed release and confirm there's no hidden network behavior.Like a lobster shell, security has layers — review code before you run it.
aivk97e96r4mewvagt2hae3a5jmz9824ckscontent-creationvk97e96r4mewvagt2hae3a5jmz9824cksdouyinvk9739a31br82988sdvt9rq2njh8249g7hookvk97e96r4mewvagt2hae3a5jmz9824ckslatestvk97e96r4mewvagt2hae3a5jmz9824cksshortvideovk97e96r4mewvagt2hae3a5jmz9824ckssocial-mediavk97e96r4mewvagt2hae3a5jmz9824cksxiaohongshuvk9739a31br82988sdvt9rq2njh8249g7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.