ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

文生图视频生成

v1.0.0

根据用户提示词,实现文生图、文生视频、图生视频,制作的素材用于地震应急数字化演练。

0· 228·0 current·0 all-time
by@daixihu2026

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daixihu2026/wenshengtu.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "文生图视频生成" (daixihu2026/wenshengtu) from ClawHub.
Skill page: https://clawhub.ai/daixihu2026/wenshengtu
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wenshengtu

ClawHub CLI

Package manager switcher

npx clawhub@latest install wenshengtu
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to generate images/videos for emergency drills and its steps match that goal. However, it requires uploading local asset images to Alibaba Cloud OSS and invoking a third‑party aggregation API (api.wuyinkeji.com) — actions that normally require credentials and explicit configuration but the skill declares no required env vars or credentials. This is an incoherence between claimed capabilities and declared requirements.
!
Instruction Scope
Runtime instructions tell the agent to read a local assets directory and a spreadsheet ('防汛脚本20260309.xlsx'), randomly pick a local image, upload it to OSS, then call external generation and status APIs. Those instructions involve reading local files and transmitting them to external services, but do not document where the spreadsheet is stored, how to authenticate to OSS or the aggregation API, nor what data is sent/stored by the external service. The scope includes data exfiltration (upload) and use of unspecified external endpoints.
Install Mechanism
Instruction-only skill with no install spec or bundled code — lowest install risk. The scanner had no code files to analyze.
!
Credentials
The instructions clearly require credentials (Alibaba OSS access, likely an API key/token for the aggregation platform) but the skill declares no required environment variables, primary credential, or config paths. That omission is disproportionate and makes it ambiguous how authentication will occur; it also hides the fact that local assets will be sent to external services.
Persistence & Privilege
The skill does not request always:true or any persistent/system-wide privileges and is user-invocable only. It writes outputs to a workspace path under /home/xihu/.openclaw/workspace/output which is self-contained and expected for this kind of task.
What to consider before installing
Before installing, note these risks and mitigations: (1) The skill uploads local images and calls a third‑party API but does not declare how it will authenticate — verify where credentials come from and prefer short‑lived, least‑privilege keys if needed. (2) Confirm the exact external endpoint(s), review their privacy/data‑retention policies, and ensure you consent to sending any local images (they may contain sensitive data). (3) Ask the author to document required env vars (OSS keys, aggregation API key), the location of the referenced spreadsheet, and to clarify what data is transmitted/stored. (4) If you must run it, do so in a sandboxed environment with minimal privileges and limit access to only the assets you want to share. (5) If these clarifications are not provided, treat the skill as potentially exfiltrating local files and avoid using sensitive images or credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97anm2shaqvjbk99b4mhjc9318332qz
228downloads
0stars
1versions
Updated 16m ago
v1.0.0
MIT-0
@daixihu2026
latest
Download

生成数字化演练的图片、视频

素材准备

  • 素材目录:`/home/xihu/.openclaw/workspace/skills/wenshengtu/assets
  • 每次生成最多使用 一张素材图片,每次从素材目录随机挑选
  • 支持的素材格式:PNG、JPG、JPEG、webp

##制作要求 视频要求如下,比例:16:9,时长15s,视频不需要字幕和标题,发生时间为45月份,画面要真实(非常重要),发生地点在中国北京市密云区。 图片:比例:16:9,不需要字幕和标题,发生时间为45月份,画面要真实(非常重要),发生地点在中国北京市密云区。 ##风格与主题 应急救援、地震、自然灾害、

流程

1. 选择素材

assets/ 目录中选取一张素材图片,如没有则不选择

2. 有素材时,将素材上传到阿里云OSS上,获取url链接,后面生成视频使用

3. 调用生成脚本

参考资料"防汛脚本20260309.xlsx",资料中每一行,对应生成一个视频,每次生成一个,根据用户提示词确定生成哪一个。生成视频时,按具体行对视频要求来生成

调用聚合平台接口生成,接口参考:https://api.wuyinkeji.com/doc/60。 生成时长默认15秒,视频清晰度默认large。

4. 查看结果

调用聚合平台接口查看结果,接口参考:https://api.wuyinkeji.com/doc/36

生成的视频保存在:/home/xihu/.openclaw/workspace/output/<标题>.mp4,标题来源“防汛脚本20260309.xlsx”


## 注意事项

- 素材图片需要提前放入 `assets/` 目录
- 生成图片、视频为异步任务,需等待生成完成
- 默认生成15秒视频,视频清晰度默认large
- ⚠️ API服务对带素材图片的请求不稳定(可能返回500错误),如遇报错可等待1分钟再试

Comments

Loading comments...