ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Huo15 Comic Orchestrator

v0.1.0

一键生成 3-5 分钟国风 AI 漫剧。主题→分幕剧本→角色卡→分镜关键帧→图生视频→TTS 配音→对口型→BGM→字幕→拼接成片。自带三级成本熔断(硬限/预警/降级建议),支持失败续跑。触发词:AI 漫剧、生成漫剧、国风漫剧、仙侠短剧、comic drama、做漫剧。

0· 67·0 current·0 all-time
byJob Zhao@zhaobod1

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhaobod1/huo15-comic-orchestrator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Huo15 Comic Orchestrator" (zhaobod1/huo15-comic-orchestrator) from ClawHub.
Skill page: https://clawhub.ai/zhaobod1/huo15-comic-orchestrator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install huo15-comic-orchestrator

ClawHub CLI

Package manager switcher

npx clawhub@latest install huo15-comic-orchestrator
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name/description (generate 3–5 min AI comic drama) aligns with its code: it orchestrates script → assets → video/TTS/lipsync → edit. However, the bundled code (scripts/_shared/ark_api.py and config.py) requires external service access (Volcengine/Ark, Kling, Suno) and expects an ARK_API_KEY environment variable, but the skill metadata declares no required env vars or primary credential. That omission is an incoherence: a media-generation orchestrator legitimately needs API credentials, so they should be declared.
Instruction Scope
SKILL.md instructs the agent to run local scripts and to collect user inputs and confirmations; it emphasizes cost preflight and checkpointed resumability. That scope is appropriate. But instructions and run.py will invoke child scripts that perform network calls to external APIs (ark/kling/suno). The SKILL.md suggests skipping SDK calls via prewritten script.json (SCRIPT_PREWRITTEN=1), which is useful, but the runtime instructions do not call out the required cloud credentials or network endpoints — this lack of explicit credential/network guidance is a concern.
Install Mechanism
There is no install spec and no remote download/install step — the skill is instruction/code-only. This lowers install-time risk (nothing fetched automatically). The orchestrator runs local Python scripts and uses subprocess to call sibling skill scripts; that is expected for a local monorepo-style orchestrator.
!
Credentials
The code requires ARK_API_KEY (ArkClient raises if missing) and references other endpoints (kling/suno) which likely need credentials, but the skill metadata lists no required env vars. Requiring cloud API keys is proportional to the purpose, but failing to declare them in the metadata is a mismatch that may surprise users and can lead to accidental credential leakage if not handled explicitly.
Persistence & Privilege
The skill writes project artifacts and local state (.checkpoint.json, .cost.json, output/...), which is expected for a pipeline orchestrator. It does not request always:true or attempt to modify other skills' configs. Subprocess execution runs sibling scripts but only within the repo layout; this is expected behavior for an orchestrator but means executed code must be trusted.
What to consider before installing
This skill appears to do what it claims, but pay attention before installing or running it: - Credential disclosure: the code expects an ARK_API_KEY (and references Kling/Suno endpoints). The skill metadata did not declare these required env vars. Do not provide cloud API keys until you confirm which keys are needed and where they are used. - Network calls: the orchestrator will call external media APIs (image/video/tts/lipsync). If you must keep data private, do not run it on sensitive data or ensure your environment/network policy allows these calls. - Code execution: run.py uses subprocess to execute sibling scripts (../huo15-comic-*/scripts/*.py). That executes arbitrary Python code from those directories — only run this orchestrator in a trusted repository or in an isolated/containerized environment. - Safer options: to avoid API usage and network calls, use the recommended 'Agent direct-write' flow (prewrite script.json and set SCRIPT_PREWRITTEN=1) or inspect/modify child scripts to disable network calls. Test with a small project and a low cost_cap first. What would change the assessment: if the publisher updates metadata to list required env vars (e.g., ARK_API_KEY, KLING_API_KEY, SUNO_API_KEY) and documents exactly which external endpoints are used and why, and/or if the package removed implicit assumptions about sibling directories (or bundled all required child skills), the mismatch would be resolved and the skill would look coherent.

Like a lobster shell, security has layers — review code before you run it.

latestvk970tvj2cqfm64cbtsh84kvv6x85eak0
67downloads
0stars
1versions
Updated 4d ago
v0.1.0
MIT-0
Job Zhao@zhaobod1
latest
Download

火15 AI 漫剧编排器

主入口 skill,串起家族其他 8 个子 skill 完成 3-5 分钟国风漫剧生成。

⚠️ 硬规则

  1. 成本熔断优先:开工前估算超 cost_cap 立即阻止,不得强行继续
  2. 用户确认闸门:估算出来后必须等用户"确认"/"开始"再执行
  3. 国风为默认:不强制改风格时默认 三渲二国风 + 仙侠
  4. Checkpoint 续跑:任何失败都从 .checkpoint.json 恢复,不重做已完成步骤

一、家族依赖

子 skillStep本 skill 如何调用
huo15-comic-script1python ../huo15-comic-script/scripts/script_gen.py
huo15-comic-character2python ../huo15-comic-character/scripts/character.py
huo15-comic-storyboard3python ../huo15-comic-storyboard/scripts/storyboard.py
huo15-comic-video4python ../huo15-comic-video/scripts/video.py
huo15-comic-dub5python ../huo15-comic-dub/scripts/dub.py
huo15-comic-lipsync6python ../huo15-comic-lipsync/scripts/lipsync.py
huo15-comic-bgm7python ../huo15-comic-bgm/scripts/bgm.py
huo15-comic-edit8python ../huo15-comic-edit/scripts/edit.py

二、Agent 工作流

Step 0:收集输入

必填:theme(主题一句话)、duration_total(秒数,180/240/300) 可选:stylegenrecharacter_hintscost_capenable_lipsync

Step 1:预估成本(硬熔断点)

from _shared.cost_guard import estimate_total, CostGuard, BudgetExceeded

n_scenes = duration_total // 5
est = estimate_total(
    n_scenes=n_scenes, n_characters=3, total_chars=800,
    resolution=resolution,   # 720p 默认 / 1080p 贵 2.3×
    fast=fast_mode,          # seedance-fast 打 5 折
    enable_lipsync=enable_lipsync,
    enable_bgm=enable_bgm,
)
guard = CostGuard(cap=cost_cap or 600.0, project_dir=project_dir)
try:
    guard.preflight(est["total"])
except BudgetExceeded as e:
    # 立即报给用户降级建议,等用户选择
    report_to_user(str(e))
    return

Step 2:向用户确认

收到!将生成 {duration_total}s 国风漫剧({n_scenes} 镜头)
主题:{theme}
风格:{style} / 类型:{genre}
预估成本:
  · 剧本  ¥0.00(本地)
  · 角色  ¥{image}
  · 视频  ¥{video}
  · TTS   ¥{tts}
  · 口型  ¥{lipsync}
  · BGM   ¥{bgm}
  · 合计  ¥{total}(熔断上限 ¥{cap})
确认开始吗?

Step 3-10:按顺序调用子 skill

每步前 checkpoint 查重(if cp.is_done(step): skip),每步后 guard.charge(step, item, cost),触发预警即告知用户,触发熔断即停并给降级方案。

Step 11:交付

输出 output/{project_slug}/final.mp4 路径、实际成本、耗时。

三、主入口脚本

scripts/run.py

python scripts/run.py \
  --theme "少年剑仙三年归来" \
  --duration 240 \
  --style 三渲二国风 \
  --genre 仙侠 \
  --cap 600

详见 scripts/run.py

四、熔断降级策略

_shared/cost_guard.pyBudgetExceeded 抛出时,默认提供 5 选 1:

  1. 缩短总时长
  2. 减少镜头数
  3. 关闭对口型(省 ~10%,Kling 2.6 便宜后此项影响小)
  4. 启用 --fast(seedance-fast 打 5 折,视频占大头,省 ~40%)
  5. 降 resolution:1080p → 720p 省 ~60% 视频费;720p → 480p 再省 ~50%
  6. 提升 cost_cap

Agent 必须让用户二次确认任何降级,不得自动降级。

成本主导因素(720p 基线)

视频占比最高(~85%)→ 优先调视频参数:

  • fast=True → 视频减半
  • resolution=480p → 视频再减半
  • scene_duration=4 → 视频线性减 20%

Lipsync 成本从 2026-04 起大幅下降(Kling 2.6: ¥0.72/5s),不再是大头。

五、Agent 直写剧本模式(推荐)

不建议scripts/script_gen.py 调 Anthropic SDK 生成剧本,因为:

  1. Claude(即本 Agent)就是 LLM 本体,再开 SDK 调自己是冗余
  2. script_gen.py 走 SDK 要消耗 token,Agent 直写不花钱

推荐流程:Agent 按 huo15-comic-script/SKILL.md 的 JSON schema 直接写 script.jsonoutput/{slug}/,然后:

# 跳过 LLM 调用,只校验
python huo15-comic-script/scripts/script_gen.py \
  --theme "..." --duration 240 \
  --input-json output/{slug}/script.json \
  --out output/{slug}/script.json

run.py 支持 SCRIPT_PREWRITTEN=1 环境变量跳过 SDK 调用路径。

Demo 见 examples/demo-xianxia-180s.json

六、Checkpoint 续跑

output/{project}/.checkpoint.json 记录每步与镜头级状态:

{
  "script": "done",
  "characters": "done",
  "storyboard": "done",
  "videos": "running",
  "videos.S01": "done",
  "videos.S02": "done",
  "videos.S03": "running",
  ...
}

重启时扫描,从 next_pending() 续跑,已完成镜头不重做。

Comments

Loading comments...