ClawHub

Chanjing Video Compose

v1.0.3

Use Chanjing video synthesis APIs to create digital human videos from text or audio, with optional background upload, task polling, and explicit download whe...

0· 145·3 current·3 all-time
byIAMZn@iamzn1018
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, the included scripts, and declared metadata all describe a Chanjing video-composition client. The scripts only call the documented Open API endpoints (list, upload, create_video, video status, file_detail) and require the app_id/secret_key/access_token stored in credentials.json — this is coherent with the stated purpose.
Instruction Scope
Runtime instructions and scripts read/write ~/.chanjing/credentials.json (or $CHANJING_CONFIG_DIR) and call the Chanjing API. They may open a browser to the login page if credentials are missing. create_task supports an optional --callback (server-side callback to a user-supplied URL) and download_result downloads a user-provided URL; both behaviors are documented and require explicit user action. The scripts do not access other system secrets or unexpected paths.
Install Mechanism
No install spec; this is instruction+scripts only. No network install or archive extraction is performed by the skill metadata. The scripts are plain Python and depend on the presence of python3, which is documented.
Credentials
The skill intentionally uses file-based dual credentials (app_id/secret_key in credentials.json) rather than a single environment API key; CHANJING_CONFIG_DIR and CHANJING_API_BASE are optional. Persisting access_token/expire_in to disk is explicit in the metadata and scripts — this is expected for the chosen credential model, but users should be aware that sensitive tokens are stored on disk and shared across sibling Chanjing skills.
Persistence & Privilege
always:false and the skill does not modify other skills or global agent configuration. It writes/reads its own credentials file (~/.chanjing/credentials.json) which is expected for this client and documented; no elevated platform privileges are requested.
Assessment
This skill is coherent with its description, but review and accept these points before installing: (1) it reads and writes credentials.json (app_id/secret_key) in ~/.chanjing (or $CHANJING_CONFIG_DIR) and persists access_token to disk — do not commit that file to source control; (2) only run the included scripts if you trust https://open-api.chanjing.cc (the API host) because the skill will upload files and fetch media URLs returned by the service; (3) be careful when using --callback: providing a callback URL lets the service POST task results to that endpoint (only use endpoints you control/trust); (4) download_result will fetch and write arbitrary URLs you provide — only download from trusted URLs; (5) inspect the credentials-guard companion before using it if you are concerned about how app_id/secret_key are obtained or stored.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e46t4j2jzq38q1qwzbq16nx83pd2p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments