微信频道语音+视频实现气泡自动播报模式
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated video-generation purpose, but its script can overwrite files through an unbounded output path and sends user content to external generation services.
Review this skill before installing. If you use it, keep output names simple, verify the FFmpeg and Python/edge_tts paths point to trusted local tools, and avoid putting confidential information in generated narration or image prompts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or poorly chosen output path could overwrite files outside the skill's output folder.
The output filename is joined without validation, so absolute paths or '../' traversal can escape the intended directory; FFmpeg's '-y' option will overwrite an existing file.
parser.add_argument("--output", default="result.mp4", help="输出文件名") ... final_video = os.path.join(OUTPUT_DIR, args.output) ... "-shortest", "-y", output_videoRestrict output to a basename or normalize and verify that the final path remains inside the intended output directory; avoid automatic overwrite unless the user confirms.
The skill may fail or run an unexpected local binary if the hardcoded paths are not appropriate for the user's machine.
The script relies on hardcoded local executables, while the registry metadata declares no required binaries or install setup.
FFMPEG = r"C:\ffmpeg\bin\ffmpeg.exe" ... TTS_PY = r"C:\Users\lenovo\.copaw\venv\Scripts\python.exe"
Declare FFmpeg and edge_tts requirements, avoid developer-specific paths, and let users configure trusted executable locations.
Text or prompt content may be shared with external generation providers.
User-provided text is passed to edge_tts and the background prompt is sent to pollinations.ai for image generation.
cmd = [TTS_PY, "-m", "edge_tts", "--voice", "zh-CN-YunxiNeural", "--text", text, "--write-media", output_mp3] ... url = f"https://image.pollinations.ai/prompt/{encoded_prompt}?width=720&height=1280&nologo=true"Do not include secrets or sensitive personal data in the text or image prompt unless the external providers' privacy terms are acceptable.