ClawHub

Youtube Factory

v1.3.0

Generate complete YouTube videos from a single prompt - script, voiceover, stock footage, captions, thumbnail. Self-contained, no external modules. 100% free...

27· 4.2k·21 current·21 all-time
by@mayank8290
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (generate videos) matches the declared binaries (ffmpeg, edge-tts) and the single required credential (PEXELS_API_KEY) used to fetch stock footage. Requesting a Pexels API key is expected for automatic B-roll retrieval.
Instruction Scope
SKILL.md and the script operate locally (write to ~/Videos/OpenClaw, create thumbnails, run ffmpeg/edge-tts, call Pexels API). The instructions ask you to install pip packages (requests, pillow, python-dotenv) that the code largely uses (requests, PIL used later) — but SKILL.md claims "self-contained, no external modules" which is inaccurate. Also note edge-tts performs TTS via Microsoft endpoints (network calls) even though no auth is required; SKILL.md does not explicitly mention that voice synthesis goes to Microsoft servers.
Install Mechanism
There is no automated install script in the registry (instruction-only). SKILL.md recommends brew/pip commands; those are standard package installs rather than fetching arbitrary code from unknown URLs. No download/extract of remote archives by the registry installer.
Credentials
Only PEXELS_API_KEY is required as a primary credential; optional envs (OUTPUT_DIR, DEFAULT_VOICE) are reasonable. The code reads a single config path (~/.openclaw-video-skills/config.env) and explicitly whitelists allowed keys before injecting into the environment.
Persistence & Privilege
always is false and the skill does not request elevated or system-wide privileges. It creates files in user directories and its own config file as expected, and does not modify other skills or agent-wide settings.
Assessment
This skill is largely coherent for its stated purpose, but review these before installing: - Provide only a Pexels API key (no other secrets) and be comfortable that the skill will call the Pexels API and download video files into ~/Videos/OpenClaw/. If you prefer, run it in a VM or sandbox first. - The SKILL.md claim "self-contained, no external modules" is misleading — you will install Python packages (requests, pillow) and a pip tool (edge-tts). edge-tts performs network calls to Microsoft TTS endpoints; your text will be sent to that service for synthesis. - The script validates stock URLs against a short allowlist (pexels domains). In practice Pexels video file links may be hosted on CDN domains; that validation may cause downloads to fail. If you plan to rely on automatic B-roll fetching, test the workflow. - The code uses subprocess to run ffmpeg/ffprobe/edge-tts. Ensure these binaries are from trusted sources and updated; running ffmpeg on untrusted inputs can have risks. - If you need stronger assurance, review the remainder of youtube_factory.py (it was partially truncated in the package preview) to confirm there are no hidden network endpoints or data-exfiltration paths, and consider running the script with a limited/sandboxed environment and a throwaway Pexels key initially. Given these caveats the skill appears to do what it claims rather than performing unrelated actions, but exercise standard caution when installing tooling that runs media processing and network requests.

Like a lobster shell, security has layers — review code before you run it.

latestvk978fvkpbbzvww5dqspyhqntfx817566

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsffmpeg, edge-tts
EnvPEXELS_API_KEY
Primary envPEXELS_API_KEY

Comments