ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Jianying Auto Editor

Automate Jianying draft generation from local media plus a cloud editing API. Use when Codex needs to scan a material folder, request editing decisions, and...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 50 · 0 current installs · 0 all-time installs
by@afengzi
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description promise to scan local media and call a cloud editing API; the manifest, SKILL.md, and scripts/index.js all implement that flow. Required runtime is only Node.js and there are no unrelated credentials or binaries requested. The implemented behavior matches the declared purpose.
Instruction Scope
The runtime instructions and code recursively scan the provided material_path and POST a materials index and other task data to the cloud API. The data sent includes file metadata such as absolutePath, relativePath, size, modifiedAt, and a generated id — i.e., local file-system structure and timestamps are transmitted. The SKILL.md does not warn explicitly about exposing absolute paths; this is coherent with the advertised cloud-driven workflow but is privacy-sensitive and worth reviewing before running.
Install Mechanism
No install script or third-party downloads; the skill is instruction-plus-node script only and requires Node >=18. Nothing is fetched from arbitrary URLs or installed automatically.
Credentials
No platform environment variables are required; instead the config file must include api_base_url and api_key, which is proportionate to a cloud-integrated editor. However, the example config uses a raw IP address (http://43.137.46.105:8787) — users should not trust example endpoints and must ensure api_base_url points to a legitimate, trusted service. Be mindful that the api_key will be sent as a Bearer token in requests.
Persistence & Privilege
The skill does not request elevated or persistent system privileges. always is false and there is no self-install behavior modifying other skills or system-wide settings.
Assessment
This skill is coherent with its stated purpose but you should only use it with a cloud endpoint you trust. Before running: (1) replace the example api_base_url (do not use the provided IP unless you control it); (2) keep material_path limited to only the media you intend to share (the skill will send absolute paths, sizes and timestamps to the server); (3) store and handle the api_key securely (it is sent in Authorization headers); (4) run initially in a sandbox or on non-sensitive sample media to validate what the remote API receives and returns; and (5) review execution-report.json and the server endpoint behavior to ensure no unexpected data exfiltration occurs.
scripts/index.js:14
Environment variable access combined with network send.
!
examples/config.example.json:2
Install source points to URL shortener or raw IP.
!
scripts/index.js:86
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.1
Download zip
latestvk97eqbg09mk03twz47y3ppaaa1834k2t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎬 Clawdis
Binsnode

SKILL.md

Jianying Auto Editor

使用这个 skill 时,按下面顺序执行:

  1. 读取 examples/config.example.json 同结构的配置文件。
  2. 校验 api_base_urlapi_keymaterial_pathtemplate_idjianying_draft_path 等关键参数。
  3. 递归扫描素材目录,只收集常见视频、音频、图片素材。
  4. 调用云端 API 创建任务、上报素材索引、获取剪辑计划。
  5. 在本地生成剪映草稿输出,不要承诺 GUI 点击或桌面 RPA。
  6. 将执行结果写入输出目录,并向云端回传执行报告。

输入参数

至少提供这些字段:

  • api_base_url
  • api_key
  • project_type
  • aspect_ratio
  • material_path
  • template_id
  • subtitle_mode
  • music_policy
  • pace_policy
  • output_mode
  • jianying_draft_path
  • draft_version
  • export_mode

可选字段:

  • task_timeout_ms
  • poll_interval_ms
  • request_timeout_ms
  • task_name
  • webhook_url
  • extra_metadata

输出结果

默认输出到 jianying_draft_path 指向的目录,包含:

  • draft-meta.json:任务与导出元信息
  • draft-content.json:草稿时间线和片段描述
  • execution-report.json:本地执行报告

推荐工作流

  • 先用示例配置复制出一份真实配置。
  • 保持 material_path 只放本次任务素材,避免无关文件进入索引。
  • 先验证云端 /v1/tasks/create/v1/tasks/{id}/plan 可用,再跑正式任务。
  • 若云端未返回细粒度分镜,允许回退到“按素材顺序串接”的保底草稿。

依赖要求

  • Node.js 18 或更高版本
  • 可访问云端 API 的网络环境
  • 本地可写的剪映草稿输出目录

错误处理原则

  • 缺少配置、素材目录不存在、API 调用失败时立即停止并返回非 0 退出码。
  • 本地始终尽量写出 execution-report.json,便于排查。
  • 对云端返回的未知字段保持容忍,只消费已知字段。
  • 明确提示第一版不覆盖复杂 GUI 自动化和全部剪映版本兼容性。

Files

8 total
Select a file
Select a file to preview.

Comments

Loading comments…