ClawHub

Chanjing Content Creation Skill

v1.0.3

蝉镜内容创作聚合技能包。提供凭据管理、TTS 语音合成、声音克隆、数字人口播、对口型、文生图/视频、定制数字人训练、一键成片编排、卡通视频编排等能力。当用户表达"做一个短视频""语音合成""数字人口播""一键成片""卡通视频"等意图时触发。副作用:HTTPS 访问蝉镜 Open API、读写本地凭据文件、下载、f...

1· 80·1 current·1 all-time
by@binkes
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Chanjing content creation: TTS, voice-clone, digital humans, video orchestration) match the codebase and runtime instructions. Declared binaries (python3, ffmpeg/ffprobe) and required env vars (CHANJING_APP_ID, CHANJING_SECRET_KEY) are directly used by the libraries and CLI scripts and are expected for this functionality.
Instruction Scope
SKILL.md is a top-level router and explicitly delegates operations to product/orchestration sub-skill scripts (products/*, orchestration/*). It documents the side-effects it will perform: HTTPS to Chanjing Open API, reading/writing local credentials (.env under skill dir), downloads of result URLs, launching subprocesses (python/ffmpeg) and optionally opening a browser for login. It also instructs using web_search for trend research in orchestration docs — that is out-of-skill network activity but described as part of content-research steps. Behavior described in SKILL.md aligns with the code; there is no hidden instruction to access unrelated system paths or exfiltrate arbitrary secrets beyond the Chanjing credentials and tokens.
Install Mechanism
No install spec — the skill is instruction + bundled Python scripts. All code is included in the package (L1/L2/L3). No remote downloads or install URLs are executed at installation time, reducing supply-chain risk. Scripts will be executed via python3 subprocesses at runtime.
Credentials
Requested environment variables (CHANJING_APP_ID, CHANJING_SECRET_KEY) are appropriate for an API-integrating skill. The runtime also uses optional token-related env vars and CHANJING_API_BASE; those are documented in SKILL.md. Minor inconsistency: manifest.yaml lists those variables under optional, while SKILL.md and metadata indicate they are required for operation — you should assume you need to provide app_id/secret. The skill reads/writes skills/chanjing-content-creation-skill/.env (declared in runtime contract).
Persistence & Privilege
always: false and disable-model-invocation defaults are standard. The skill writes its own .env file under its skill directory (documented) and does not claim to modify other skills or global agent settings. It may open a browser to guide login (documented).
Assessment
This skill appears to do what it says: route intents to Chanjing product scripts and orchestrate media creation. Before installing, consider: 1) Provide Chanjing API credentials (CHANJING_APP_ID and CHANJING_SECRET_KEY) only if you trust the Chanjing service; the skill will read them from env or write them to skills/chanjing-content-creation-skill/.env. 2) Outputs and downloads: the skill may download result URLs returned by the API into the skill's output directories and will invoke ffmpeg for composition — ensure you run it in an environment where file writes and subprocesses are acceptable. 3) Network scope: primary network host is open-api.chanjing.cc (and www.chanjing.cc for login); note that API-provided signed URLs may point to other hosts for upload/download (this behavior is documented in SKILL.md and manifest). 4) Credentials hygiene: use a dedicated/trusted API key, avoid sharing production secrets, and be prepared to rotate keys if you stop using the skill. 5) Minor documentation mismatch: manifest lists the Chanjing keys as optional while the SKILL.md treats them as required — treat them as required for real use. If you need higher assurance, run the package in an isolated environment (container or throwaway VM) and/or review the specific product scripts you expect to use (products/* and orchestration/*) before giving it access to sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk975eccrpakaywp72q0hedpwg184cqe8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSmacOS · Linux
Binspython3
Any binffmpeg, ffprobe
EnvCHANJING_APP_ID, CHANJING_SECRET_KEY

Comments