ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

douyin-guoxue-volcengine-pipeline

v1.0.0

Automate creation and publishing of 3-shot 9:16 Chinese metaphysics short videos on Douyin with Volcengine visuals, Edge TTS, ffmpeg, and backend verification.

0· 70·0 current·0 all-time
byKoi@jinhuadeng

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jinhuadeng/douyin-guoxue-volcengine-pipeline.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "douyin-guoxue-volcengine-pipeline" (jinhuadeng/douyin-guoxue-volcengine-pipeline) from ClawHub.
Skill page: https://clawhub.ai/jinhuadeng/douyin-guoxue-volcengine-pipeline
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install douyin-guoxue-volcengine-pipeline

ClawHub CLI

Package manager switcher

npx clawhub@latest install douyin-guoxue-volcengine-pipeline
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (Volcengine image/video, Edge TTS, ffmpeg, Douyin publish/verify) matches the instructions: the workflow shows how images → video → TTS → ffmpeg → publish. However, the skill does not declare any required binaries, environment variables, or config paths even though SKILL.md requires Python, ffmpeg, edge-tts, and a Volcengine credentials file and calls other local scripts. Referencing other skills' scripts without bundling or declaring them is a mismatch.
!
Instruction Scope
SKILL.md instructs the agent to read a specific file path (C:\Users\Lenovo\.openclaw\workspace\.volcengine_config) and load its contents into process environment variables — that reads local credentials but the skill metadata did not declare any config paths or required env vars. It also instructs running external scripts (skills/*/scripts/*.py) and tools (py, ffmpeg, edge-tts) that are not declared. Reading a user config file containing API keys is scope creep and a potential secret-exfiltration/vector for misuse if the file contains unrelated secrets.
Install Mechanism
This is an instruction-only skill with no install spec and no files that will be executed by an installer, which minimizes installer risk. However, it relies on existing local scripts and external binaries being present; the skill does not provide or validate those components.
!
Credentials
The SKILL.md reads and sets Volcengine environment variables from a local config file but the skill metadata lists no required environment variables or config paths. Requesting (implicitly) Volcengine credentials is expected for Volcengine API calls, but the absence of any declared credential requirements and the hard-coded config path are disproportionate and opaque. The skill also sets additional process env vars (e.g., VOLCENGINE_VIDEO_MODEL) without declaring them.
Persistence & Privilege
The skill is not marked 'always' and does not include installation steps that persistently modify system-wide settings. It sets environment variables only in-process according to the provided PowerShell snippet. There is no evidence it attempts to modify other skills' configs or gain permanent presence.
What to consider before installing
This skill appears to do what it says (create and publish Douyin videos) but has several red flags you should address before running it: - The runtime docs tell the agent to load a Volcengine credentials file from a specific local path (C:\Users\Lenovo\.openclaw\workspace\.volcengine_config) but the skill metadata does not declare that path or any required credentials. Inspect that file yourself first — confirm it only contains the Volcengine keys you expect and nothing else. - The SKILL.md expects Python (py -3.11), ffmpeg, and edge-tts to be available, and it calls scripts under skills/*/scripts/*.py that are not included in this package. Verify those scripts exist, read their source, and confirm they do only the publishing/API calls you expect. - Because the instructions load credentials into environment variables and then invoke other scripts, a malicious or buggy script in the referenced locations could misuse those keys. Only run the pipeline in a controlled environment with credentials scoped/minimized (use test keys or limited-permission keys). - If you want higher confidence: request the skill author include declared required env vars and config paths, list the expected binaries, or provide the referenced publish/generate scripts so you can review them. If any of those are unavailable, treat the skill as untrusted and do not supply real production credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk9778603pkz70gxhhrd2b2rymd85ajwr
70downloads
0stars
1versions
Updated 6d ago
v1.0.0
MIT-0
Koi@jinhuadeng
latest
Download

douyin-guoxue-volcengine-pipeline

Use this skill to run a production-tested Douyin guoxue pipeline.

Core workflow

  1. Load Volcengine env from C:\Users\Lenovo\.openclaw\workspace\.volcengine_config
  2. Generate 3 vertical keyframes with volcengine-image-studio
  3. Turn each keyframe into a 5s motion shot with volcengine-video-studio
  4. Stitch 3 shots into a ~15s vertical cut with ffmpeg
  5. Generate Chinese voiceover with edge-tts
  6. Mix voice + BGM + subtitles
  7. Publish through skills/douyin-publisher/scripts/publish.py
  8. Verify in Douyin creator backend after publish

Hard rules

  • Do not use a single still image as the full video when the user wants a stronger result
  • Prefer 3 shots; use about 3-5s per shot
  • Always keep output 9:16 vertical
  • Always do a backend verification after publish; do not trust script success text alone
  • When publishing AI-generated work, use the publish flow that goes through:
    • 发文助手
    • 自主声明
    • 添加声明
    • 内容由AI生成

Current validated local components

  • Volcengine image script: skills/volcengine-image-studio/scripts/generate_image.py
  • Volcengine video script: skills/volcengine-video-studio/scripts/generate_video.py
  • Douyin publish script: skills/douyin-publisher/scripts/publish.py
  • Volcengine env file: .volcengine_config
  • Typical BGM asset: generated/guoxue-douyin/final-cuts/guofeng-lite-bgm.wav

Fast execution pattern

1. Load config into current process

PowerShell:

$cfg = Get-Content .\.volcengine_config
foreach($line in $cfg){ if($line -match '^\s*([A-Z0-9_]+)=(.*)$'){ [Environment]::SetEnvironmentVariable($matches[1], $matches[2], 'Process') } }
[Environment]::SetEnvironmentVariable('VOLCENGINE_VIDEO_MODEL','doubao-seedance-1-0-pro-fast-251015','Process')

2. Generate 3 keyframes

Use thematic prompts for shot 1 / shot 2 / shot 3. Keep style consistent:

  • Song-dynasty aesthetics
  • Eastern negative space
  • cinematic light
  • no cartoon
  • no modern city unless requested

3. Generate 3 motion shots

For each generated keyframe:

py -3.11 .\skills\volcengine-video-studio\scripts\generate_video.py "<motion prompt>" --image <cover> --ratio 9:16 --duration 5 --download-dir <dir>

4. Voiceover

edge-tts --voice zh-CN-XiaoxiaoNeural --file <script.txt> --write-media <voice.mp3>

Recommended voices:

  • zh-CN-XiaoxiaoNeural — warm / calm / female
  • zh-CN-YunxiNeural — male / composed / explanatory

5. Final assembly

Use ffmpeg to:

  • trim each shot to ~4.8-4.9s
  • concat 3 shots
  • burn title / line subtitles
  • mix voice + low-volume BGM

6. Publish and verify

Publish with py -3.11 skills/douyin-publisher/scripts/publish.py ...

Then must open creator manage page and confirm the new item appears in the list.

Suggested directory pattern

Store runs under:

generated/guoxue-douyin/<theme>-volcengine/

Example themes:

  • qian-gua-volcengine
  • kun-gua-volcengine
  • tai-gua-volcengine

Read next when needed

  • For prompt structure and reusable shot patterns, read references/prompt-patterns.md
  • For publishing / verification / AI declaration notes, read references/publish-notes.md

Comments

Loading comments...