ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Qwen Video Generator

v1.0.2

阿里云百炼文生视频工具。使用 wan2.2-t2v-plus 模型将文本描述生成视频。**当以下情况时使用此 Skill**:(1) 用户需要根据文字描述生成视频 (2) 用户提到"文生视频"、"生成视频"、"AI视频"、"text to video" (3) 需要创建短视频内容 (4) 需要可视化场景描述。支持...

0· 109·0 current·0 all-time
byMarvin@imnull

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for imnull/qwen-video-generator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Qwen Video Generator" (imnull/qwen-video-generator) from ClawHub.
Skill page: https://clawhub.ai/imnull/qwen-video-generator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install qwen-video-generator

ClawHub CLI

Package manager switcher

npx clawhub@latest install qwen-video-generator
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Qwen text→video via Aliyun/DashScope) align with the included script that posts to dashscope.aliyuncs.com and downloads a generated video. However, the skill registry metadata declared no required environment variables or credentials while the SKILL.md and script require an API key (DASHSCOPE_API_KEY_VIDEO / DASHSCOPE_API_KEY). This mismatch is unexpected.
Instruction Scope
SKILL.md and the script are consistent: they instruct running scripts/generate_video.py, pass prompt/size/length, poll an API, download the resulting video, and save it to a workspace directory. The instructions do not ask the agent to read unrelated system files or exfiltrate arbitrary data beyond calling the documented API endpoints.
Install Mechanism
There is no install spec (instruction-only + one script). No packages are downloaded or executed at install time. The single Python script will run at invocation; this is low install-time risk.
!
Credentials
The script requires an API key (DASHSCOPE_API_KEY_VIDEO or DASHSCOPE_API_KEY) and supports VIDEO_OUTPUT_DIR/VIDEO_OUTPUT_SIZE/VIDEO_OUTPUT_LENGTH, but the registry metadata lists no required env vars or primary credential. SKILL.md also omits mention of OPENCLAW_WORKSPACE which the script reads to default the output path. The absent declaration of the API key in metadata is a meaningful inconsistency (credentials should be declared).
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and only writes output files to its own output directory. It sets file permissions to 0644 for usability; this is within expected scope.
What to consider before installing
This skill appears to be a straightforward text-to-video client that calls DashScope (dashscope.aliyuncs.com) and downloads the resulting MP4. Before installing: 1) Verify the publisher/source (no homepage provided) and confirm dashscope.aliyuncs.com is the intended service. 2) Expect to provide an API key (DASHSCOPE_API_KEY_VIDEO or DASHSCOPE_API_KEY); the registry omitted declaring this — ask the publisher to add it to metadata so the platform can treat the secret properly. 3) Limit the API key's scope and rotate it if possible; do not reuse high-privilege keys. 4) The script writes files to workspace/videos (or OPENCLAW_WORKSPACE/videos if VIDEO_OUTPUT_DIR unset) and sets 0644 permissions — ensure that directory is acceptable and does not expose sensitive data. 5) If you need higher assurance, run the script in an isolated environment and inspect network calls (it only calls dashscope endpoints) or request the publisher's official docs/homepage. The code shows no other obvious exfiltration, but the metadata omission of required credentials is the primary red flag.

Like a lobster shell, security has layers — review code before you run it.

latestvk9704fy9ahx2zg2t34b0kwxynh83wb5d
109downloads
0stars
3versions
Updated 4w ago
v1.0.2
MIT-0
Marvin@imnull
latest
Download

Qwen Video Generator - 百炼文生视频

将文本描述转换为视频内容。

环境变量配置

变量说明默认值
DASHSCOPE_API_KEY_VIDEO视频专用 API Key (优先)-
DASHSCOPE_API_KEY通用 API Key (备用)-
VIDEO_OUTPUT_DIR视频输出目录workspace/videos/
VIDEO_OUTPUT_SIZE分辨率: 480=832×480, 1080=1920×1080480
VIDEO_OUTPUT_LENGTH视频秒数 (1-15)5

推荐配置 (~/.zshenv):

export DASHSCOPE_API_KEY_VIDEO=your_api_key
export VIDEO_OUTPUT_DIR=/path/to/videos
export VIDEO_OUTPUT_SIZE=1080
export VIDEO_OUTPUT_LENGTH=5

快速开始

# 使用环境变量配置,简洁调用
python3 scripts/generate_video.py --prompt "你的视频描述"

命令行参数

参数说明默认值
--prompt, -p视频描述文本 (必填)-
--size, -s分辨率: 480/1080 或完整格式环境变量
--length, -l视频时长 (1-15秒)环境变量
--model, -m模型名称wan2.2-t2v-plus
--no-prompt-extend禁用prompt自动扩展False
--timeout, -t最大等待秒数600

使用示例

# 基础用法 (使用环境变量)
python3 scripts/generate_video.py --prompt "一只猫在草地上奔跑"

# 命令行覆盖分辨率和时长
python3 scripts/generate_video.py \
  --prompt "日落时分的海滩" \
  --size 1080 \
  --length 10

# 详细场景描述
python3 scripts/generate_video.py --prompt "低对比度,复古70年代地铁站,街头音乐家穿旧式夹克弹吉他,通勤者匆匆走过,镜头慢慢向右移动"

支持的分辨率

简写完整格式说明
480832×480默认,适合快速预览
10801920×1080高清,推荐使用

其他支持: 1080×1920, 1440×1440, 1632×1248, 1248×1632, 480×832, 624×624

Prompt 编写建议

  1. 描述场景: 包含地点、时间、氛围
  2. 主体动作: 清晰描述主体在做什么
  3. 视觉风格: 光线、色彩、质感
  4. 镜头运动: 推拉摇移等
  5. 细节元素: 背景中的物品、人物

输出

  • 输出目录: $VIDEO_OUTPUT_DIRworkspace/videos/
  • 文件命名: video_YYYYMMDD_HHMMSS_hash.mp4
  • 最后一行输出 VIDEO_PATH:完整路径 供程序解析

Comments

Loading comments...