ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Book Video Maker

v2.0.0

Generate 1080x1920 vertical book summary videos with AI images, TTS voice, Ken Burns effect, and precise subtitle and audio alignment using customizable temp...

0· 67·0 current·0 all-time
by@jianzhufangna

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jianzhufangna/book-video-maker.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Book Video Maker" (jianzhufangna/book-video-maker) from ClawHub.
Skill page: https://clawhub.ai/jianzhufangna/book-video-maker
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install book-video-maker

ClawHub CLI

Package manager switcher

npx clawhub@latest install book-video-maker
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code: the script generates 1080x1920 videos using AI images, TTS (edge-tts), and ffmpeg. The script calls an image-generation API (ARK) and TTS + ffmpeg to produce aligned subtitles and audio — all consistent with the stated purpose. Minor metadata inconsistency: the registry summary shows "Required env vars: none" while SKILL.md and the code require an ARK/DOUBAO API key (ARK_API_KEY / DOUBAO_API_KEY) or a config file; this is likely an omission in the registry metadata but not a functional mismatch.
Instruction Scope
SKILL.md tells the user to run scripts/generate.py and to provide an API key either via ARK_API_KEY env var or by creating a file under ~/.qclaw/workspace/kdjojodsi.md; the code uses those sources and otherwise stays within the task (downloading generated images, producing TTS audio, calling ffmpeg). The script writes outputs into an output directory and reads only a small set of specific files for the API key. It does not attempt to read arbitrary system files or exfiltrate data to unexpected endpoints beyond the image-generation service and standard package registries when it auto-installs dependencies.
Install Mechanism
There is no install spec in the registry, but the script auto-installs Python packages at runtime by invoking pip to fetch edge-tts and requests. Runtime pip installs are common but do introduce network-based supply-chain risk (it will fetch packages from PyPI). The skill otherwise relies on system ffmpeg being available (not installed by the skill).
Credentials
The only credential the code requests is an API key for the image-generation service (ARK/DOUBAO). That is proportionate to the functionality. The code looks for the key in ARK_API_KEY / DOUBAO_API_KEY env vars or a small set of named files in ~/.qclaw/workspace and a couple of local paths. Note: if those named files are present in the working directory, the script will parse them for a UUID-like token, so avoid placing sensitive unrelated files with those filenames in directories the script may read.
Persistence & Privilege
The skill does not request persistent platform privileges (always is false) and does not modify other skills or global agent settings. It writes output media files and may create supporting files/directories in the chosen output path and a voices subdirectory; it also installs Python packages at runtime but does not persist configuration beyond writing outputs and reading the optionally configured API key file.
Assessment
This skill appears to do what it says, but a few practical cautions before you run it: 1) Provide the API key only for the image service you expect (ARK / Volces) and verify the endpoint if you have doubts. 2) The script will attempt to pip-install edge-tts and requests at runtime — run it in a virtualenv or sandbox if you want to limit package installation. 3) Ensure ffmpeg is installed and available on PATH. 4) The script reads specific files (~/.qclaw/workspace/kdjojodsi.md and a couple of local filenames) to find a UUID-formatted key — do not store unrelated secrets in files with those names in your project directory. 5) Inspect the ARK service/provider (volces.com / 火山引擎) if you need to confirm trustworthiness. If any of these are concerns, run the code locally in an isolated environment or review/modify the script before use.

Like a lobster shell, security has layers — review code before you run it.

bookvk978sv6w0wn1cn85xn25nn0jzd84zt0elatestvk978sv6w0wn1cn85xn25nn0jzd84zt0eshort-videovk978sv6w0wn1cn85xn25nn0jzd84zt0evideovk978sv6w0wn1cn85xn25nn0jzd84zt0e
67downloads
0stars
1versions
Updated 1w ago
v2.0.0
MIT-0
@jianzhufangna
booklatestshort-videovideo
Download

Book Video Maker 2.0

书单爆款短视频生成器 - 精准字幕语音对齐版

快速开始

python scripts/generate.py -b "穷爸爸富爸爸" -a "罗伯特·清崎" -q templates/rich_dad_poor_dad.json

配置API Key

方式1 - 创建配置文件:

~/.qclaw/workspace/kdjojodsi.md

内容写入:

豆包 API Key: `你的UUID格式Key`

方式2 - 环境变量:

export ARK_API_KEY='你的API Key'

获取API Key: 访问火山引擎控制台开通豆包图片生成服务

参数说明

参数说明
-b书名(必需)
-a作者(必需)
-q金句JSON文件
-o输出目录

内置模板

  • rich_dad_poor_dad.json - 《穷爸爸富爸爸》22句

视频效果

  • 分辨率: 1080x1920 (竖屏)
  • Ken Burns特效
  • 精准字幕语音对齐
  • AI配图 + TTS语音

版本: 2.0.0

Comments

Loading comments...