Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Parse Video - 视频去水印 (video watermark removal)

v1.0.1

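Video watermark-removal parsing Skill. Supports watermark-free parsing of short videos from 20+ platforms, including Douyin, Kuaishou, Xiaohongshu, Weibo, Xigua Video, Doubao, Yunque, Bilibili, and others. Triggers for this skill: 解析视频、去水印、视频解析、解析链接、下载视频、去除水印、parse video、video parser、抖音解析、快手解析、小红书解析、bilibili 解析、douy...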


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mackjosn/parse-video-nomark.

Install the skill "Parse Video - 视频去水印" (mackjosn/parse-video-nomark) from ClawHub.
Skill page: https://clawhub.ai/mackjosn/parse-video-nomark
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install parse-video-nomark

ClawHub CLI

npx clawhub@latest install parse-video-nomark

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description (video parsing / remove watermark) align with the included scripts: both scripts download a platform-specific executable and run it to parse or serve video links. However the SKILL metadata declares no required binaries while the scripts rely on git (and basic shell utilities) to fetch the remote repo — an inconsistency the pack author should have declared.
[!] Instruction Scope
The scripts instruct the agent/environment to clone a remote Gitee repository into ~/.cache/parse-video/.git-repo, copy a prebuilt executable into ~/.cache/parse-video/, chmod +x it, and then execute it. That means runtime behavior includes network retrieval of a non-open-source binary and executing it locally; the SKILL.md and scripts do not access other unrelated system paths, but executing opaque binaries is a meaningful scope expansion because the binary can perform arbitrary network IO and file access outside the skill's visible code.
[!] Install Mechanism
No package manager install spec is present; the scripts perform a git shallow-clone from a Gitee repo and copy a prebuilt binary from the repo's dist/ directory. Downloading and executing third-party precompiled binaries (closed-source) is higher risk than instruction-only or source-based installs. Gitee is a known host, but the binary is opaque (README explicitly says the executable is not open source).
Credentials
The skill requests no environment variables or credentials, which is appropriate for its stated purpose. That said, it makes network requests to fetch binaries (git clone) and executes them locally; because no checksums or signatures are present, this behavior is not provably limited to the stated task and could access other credentials or data at runtime via the downloaded binary.
Persistence & Privilege
The skill does not set always:true and does not modify other skills or system-wide configs. It stores files under ~/.cache/parse-video/, which is reasonable for caching binaries. It will, however, persist a downloaded executable on disk and execute it when invoked.
What to consider before installing
This skill appears to do what it says (download a platform-specific parser binary and run it), but it automatically fetches and executes a closed-source executable from a remote Gitee repo. Before installing or running it:
1) Verify the Gitee repository and author (https://gitee.com/qiushuihanjing/parse-video-nomark) and inspect release files if possible.
2) Prefer open-source alternatives you can audit; running opaque binaries carries risk of arbitrary network/file access.
3) Run the skill in a sandboxed environment (isolated VM or container) if you must test it.
4) Ensure git is installed — the scripts assume git but do not declare it.
5) Look for checksums/signatures for the binary in the repo; if absent, treat the binary as unverified.
6) Do not run this on machines containing sensitive credentials or data.
If you want a lower-risk alternative, ask for a variant that builds from source or exposes the parsing logic in script form instead of shipping precompiled binaries.

Like a lobster shell, security has layers — review code before you run it.

latestvk979942yyyxdkap1q6k4h3ckgd854jv3
77 downloads
0 stars
2 versions
Updated 1w ago
v1.0.1
MIT-0

parse-video Skill

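Introduction

A cross-platform video watermark-removal parsing tool supporting 20+ mainstream short-video and social media platforms. On first use it automatically downloads the binary for the current platform.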

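Supported platforms

Platform | Domains | Supported types
Douyin | v.douyin.com, www.iesdouyin.com | Video / image album
Kuaishou | v.kuaishou.com | Video
Xiaohongshu | xhslink.com, www.xiaohongshu.com | Video / image album / LivePhoto
Weibo | weibo.com, weibo.cn | Video / image album
Xigua Video | v.ixigua.com | Video
Bilibili | bilibili.com, b23.tv | Video
Doubao | www.doubao.com | Video / image
Yunque | xiaoyunque.jianying.com | Video
More | ... | ...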

Workflow

Method 1: One-step parsing (recommended)

Use the scripts/parse.sh script; on first use it downloads the binary automatically:

# Parse any video share link
bash scripts/parse.sh "https://v.douyin.com/xxx"

# Parse a Doubao video
bash scripts/parse.sh "https://www.doubao.com/video-sharing?share_id=xxx&video_id=xxx"

# Parse a Bilibili video
bash scripts/parse.sh "https://b23.tv/xxx"

Method 2: Start the HTTP service

# Start the service (default port 8080)
bash scripts/serve.sh

# Specify a port
bash scripts/serve.sh 9090

# Once the service is running, open http://localhost:8080 to view the Web UI

Method 3: Use the CLI directly (the binary is located in ~/.cache/parse-video/)

~/.cache/parse-video/parse-video-darwin-arm64 parse "https://v.douyin.com/xxx"

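Technical details

  • Binary download path: ~/.cache/parse-video/
  • Download source: the dist/ directory of the Gitee repository
  • Supported systems: macOS (arm64/amd64), Windows (amd64), Linux
  • First use: automatically detects the platform and downloads the matching binary (about 30MB)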
