ClawHub

PixVerse AI Image and Video Generator

v1.5.0

PixVerse CLI — generate AI videos and images from the command line. Supports PixVerse V6, Veo, Sora, Grok video models; Nano Banana (Gemini), Seedream, Qwen...

0· 325·0 current·0 all-time
by@pixverse-official
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (PixVerse CLI for image/video generation) match the instructions and workflows: OAuth device flow, create/download assets, models, pipelines, and asset management. No unrelated credentials or binaries are requested and the provided scripts align with repo maintenance (git/curl).
Instruction Scope
SKILL.md stays on-topic (create/edit/modify assets, check tasks, manage workspaces). It explicitly instructs uploading local files to PixVerse cloud storage (expected for I2V/I2I workflows) and references storing tokens under ~/.pixverse/ and an optional PIXVERSE_TOKEN env var. These behaviors are coherent with the CLI purpose but are privacy-relevant (local files and auth tokens are transmitted/stored).
Install Mechanism
No install spec in the registry (instruction-only). The SKILL.md recommends npm install -g pixverse or npx usage, which is proportionate to a Node CLI. The two included shell scripts only use git and curl against GitHub raw content and are straightforward; no arbitrary binary downloads or obscure hosts are used.
Credentials
Registry metadata lists no required env vars, and the skill does not demand unrelated secrets. SKILL.md references PIXVERSE_TOKEN as an optional override and describes tokens saved under ~/.pixverse/ — the env var is reasonable but it is not declared in the registry metadata, which is a minor inconsistency the user should be aware of.
Persistence & Privilege
always:false and user-invocable (default) — no forced permanent presence. The skill stores its auth token in ~/.pixverse/ (normal for a CLI) but does not request system-wide or other-skills' configuration changes.
Assessment
This skill appears to do what it says: a CLI that interacts with PixVerse cloud services. Before installing or running it, consider: (1) Authentication uses OAuth device flow and tokens are stored in ~/.pixverse/ (or you can supply PIXVERSE_TOKEN) — treat that token like any other credential. (2) Local files passed to commands (e.g., --image ./file.jpg or --video ./my-video.mp4) are uploaded to PixVerse cloud for processing — do not upload sensitive or private files. (3) The included scripts (update.sh, check-update.sh) perform git pulls and curl to GitHub; run them only if you trust the repository and understand they may modify local files. (4) Minor metadata inconsistency: SKILL.md references PIXVERSE_TOKEN but the registry metadata lists no env vars — this is optional but worth noting. If you need higher assurance, inspect the upstream pixverse npm package code before installing or use npx to run without global install.

Like a lobster shell, security has layers — review code before you run it.

latestvk976nrhh244ysp0vncfmemykt5845y3s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments