ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

视频去除水印

v1.0.2

视频去水印解析 Skill。支持 20+ 平台短视频去水印解析,包括抖音、快手、小红书、微博、西瓜视频、豆包、云雀、B站等。使用本技能时触发:解析视频、去水印、视频解析、解析链接、下载视频、去除水印、parse video、video parser、抖音解析、快手解析、小红书解析、bilibili 解析、douy...

1· 98·0 current·0 all-time
by@mackjosn

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mackjosn/midea-nomark.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "视频去除水印" (mackjosn/midea-nomark) from ClawHub.
Skill page: https://clawhub.ai/mackjosn/midea-nomark
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install midea-nomark

ClawHub CLI

Package manager switcher

npx clawhub@latest install midea-nomark
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, scripts, and README all describe a local video parsing/no-watermark tool and the scripts only invoke a local 'parse-video-<os>-<arch>' binary, which is coherent with the stated purpose. However, the package claims local binaries exist but the listed assets are missing from the provided files and README/platform listing mismatches (Linux binary referenced in scripts but not in README assets). The README explicitly states the binary is closed-source ('不开源可执行文件'), which is expected for a binary-only parser but reduces auditability.
Instruction Scope
SKILL.md and the two shell scripts remain narrowly scoped: they detect OS/arch, make a shipped binary executable, then run it with 'parse <url>' or 'serve -p <port>'. The instructions do not tell the agent to read unrelated files or env vars. Concern: the actual network activity and data handling are delegated to an opaque binary (not present for review), so the runtime behavior (what is sent/received, whether other local files are read) cannot be verified from these instructions alone.
!
Install Mechanism
There is no install spec (instruction-only), which limits supply-chain risk from installers — but the skill relies on prebuilt binaries under assets/. Those binaries are not included in the provided file list; README enumerates some assets but they don't match scripts' expectations (scripts expect Linux binary too). Running unknown, closed-source binaries is high-risk because they could perform hidden network I/O or local data access; no checksums, no source, and no authoritative release URLs are provided.
Credentials
The skill declares no required env vars or credentials and the scripts do not read environment variables or config files. That is proportionate. Nonetheless, because the core logic runs in an opaque binary, that binary could request or transmit secrets at runtime; the lack of declared env requirements makes such behavior non-obvious and harder to detect.
Persistence & Privilege
The skill is not marked 'always:true' and doesn't request persistent system configuration. The serve mode runs a local HTTP server (expected for a local UI) but that is limited scope and user-invoked.
What to consider before installing
This skill appears to do what it says at the script level, but its core functionality is inside closed-source binaries that are not included or auditable in the package — that is the primary risk. Before installing or running: 1) obtain the actual binaries and verify they come from a trusted source and have published checksums or signatures; 2) prefer source or audited builds; 3) if you must run them, do so in a sandbox/VM or isolated container and monitor network traffic; 4) avoid running on machines with sensitive credentials or data available; 5) ask the publisher for source code or reproducible build instructions and a Linux binary if you need Linux support. If the author cannot supply verifiable binaries or source, treat this package with caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk978r8bnpnpfxqa5xqxqqhdhk5852qph
98downloads
1stars
3versions
Updated 1w ago
v1.0.2
MIT-0
@mackjosn
latest
Download

parse-video Skill

简介

跨平台视频去水印解析工具,支持 20+ 主流短视频和社交媒体平台。

支持平台

平台域名支持类型
抖音v.douyin.com, www.iesdouyin.com视频/图集
快手v.kuaishou.com视频
小红书xhslink.com, www.xiaohongshu.com视频/图集/LivePhoto
微博weibo.com, weibo.cn视频/图集
西瓜视频v.ixigua.com视频
哔哩哔哩bilibili.com, b23.tv视频
豆包www.doubao.com视频/图片
云雀xiaoyunque.jianying.com视频
更多.........

工作流程

方法一:一键解析(推荐)

使用 scripts/parse.sh 脚本,自动识别平台并解析:

# 解析任意视频分享链接
bash scripts/parse.sh "https://v.douyin.com/xxx"

# 解析豆包视频
bash scripts/parse.sh "https://www.doubao.com/video-sharing?share_id=xxx&video_id=xxx"

# 解析 B 站视频
bash scripts/parse.sh "https://b23.tv/xxx"

方法二:启动 HTTP 服务

# 启动服务(默认端口 8080)
bash scripts/serve.sh

# 指定端口
bash scripts/serve.sh 9090

# 服务启动后可访问 http://localhost:8080 查看 Web UI

方法三:直接使用 CLI

# 解析分享链接
./assets/parse-video-darwin-arm64 parse "https://v.douyin.com/xxx"

# 按视频 ID 解析
./assets/parse-video-darwin-arm64 id douyin 7424432820954598707

# 启动服务
./assets/parse-video-darwin-arm64 serve -p 8080

输出格式

解析成功后返回:

  • 标题: 视频描述/标题
  • 作者: 作者昵称和头像
  • 视频地址: 无水印的直接播放链接
  • 封面地址: 视频封面图
  • 图片数量: 图集图片数量(如有)

注意事项

  1. 解析结果为临时链接,部分平台链接有时效性,建议及时下载
  2. 仅供个人学习研究使用,请勿用于商业用途
  3. 部分平台可能因接口调整而失效,我会定期更新

技术细节

  • 二进制位置: assets/parse-video-<os>-<arch>
  • 适用系统: macOS (arm64/amd64), Windows (amd64), Linux
  • 二进制来源: 本地编译,无第三方依赖

Comments

Loading comments...