Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Huo15 Comic Bgm

v0.1.0

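Generates a single BGM track (Suno v5) from the script's overall mood, with its length matched to the total running time; Chinese traditional style is preferred (guzheng/pipa/dizi). Trigger words: BGM 生成 (BGM generation), 背景音乐 (background music), 配乐 (soundtrack).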

by Job Zhao @zhaobod1

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zhaobod1/huo15-comic-bgm.

Install the skill "Huo15 Comic Bgm" (zhaobod1/huo15-comic-bgm) from ClawHub.
Skill page: https://clawhub.ai/zhaobod1/huo15-comic-bgm
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install huo15-comic-bgm

ClawHub CLI

npx clawhub@latest install huo15-comic-bgm

Security Scan

Capability signals
Crypto, Can make purchases, Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

! Purpose & Capability
The skill's stated purpose — generate a single Suno BGM matched to script mood/duration — matches the bgm.py implementation. However the registry metadata claims no required environment variables while the runtime code requires SUNO_API_KEY. Additionally the repo includes a shared ark_api module that demands ARK_API_KEY at runtime if used; that API is unrelated to BGM generation and its presence is surprising.
Instruction Scope
SKILL.md instructs running scripts/bgm.py with a script.json, duration, and output path and documents prompt/fallback behavior. The runtime instructions and code operate only on the provided script file, call the Suno API, and fall back to local templates — they do not ask to read unrelated system files or exfiltrate data beyond fetching the generated audio URL.
Install Mechanism
No install spec is present (instruction + bundled Python scripts). Nothing in the install surface downloads or executes arbitrary external archives; dependencies are standard Python files and an HTTP client (requests).
! Credentials
bgm.py requires a SUNO_API_KEY (checked at runtime) but the skill metadata declared no required env vars — this is an inconsistency that could surprise users. The repository also contains ark_api.py which raises if ARK_API_KEY is missing; while ark_api isn't used by bgm.py, its presence increases the apparent credential surface. Asking for a single Suno API key is proportionate, but metadata must declare it and the unrelated ARK_API_KEY requirement in shared code should be documented or removed.
Persistence & Privilege
The skill writes output BGM files to the specified --out path and the shared helpers may persist project-level files: .cost.json (CostGuard) and .checkpoint.json (Checkpoint) in the project directory. always:false and no system-wide changes are requested. This file persistence is expected for a content-generation workflow but users should be aware these files are created beside outputs.
What to consider before installing
Before installing or running this skill:
(1) Expect to provide a SUNO_API_KEY (Suno via third-party api.sunoapi.org) — the skill will fail without it despite metadata claiming none; ask the author to update metadata to list SUNO_API_KEY.
(2) Review the bundled shared modules (ark_api.py) — they reference other service credentials (ARK_API_KEY) which are not needed for BGM but could confuse users; confirm these won't be invoked in your workflow.
(3) Run the skill in an isolated environment or sandbox and avoid supplying high-privilege credentials.
(4) Be aware it will write output audio files and small state files (.cost.json, .checkpoint.json) into the project directory.
(5) Verify you trust the third-party Suno provider (api.sunoapi.org) before giving any API key and confirm the stated cost model (≈¥3/track).
If the author cannot justify the missing metadata or the presence of unrelated API clients, treat the package cautiously.

latest vk97a3mz5hdj9zbb30szyrgpbwh85ntrk
34 downloads
0 stars
1 version
Updated 1d ago
v0.1.0
MIT-0

Huo15 Comic Drama: Background Music Skill

One BGM track for the whole film, attenuated to -20dB when mixed with FFmpeg.


Input / Output

python scripts/bgm.py \
  --script output/demo/script.json \
  --duration 240 \
  --out output/demo/bgm.mp3

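Suno prompt template

# Extract mood word frequencies from scenes and take the top 3
moods = ["苍凉", "壮阔", "激昂"]  # e.g. desolate, majestic, impassioned
duration = 240  # seconds, as passed via --duration
# Prompt text: Chinese traditional-style instrumental, <moods> atmosphere, guzheng lead melody, accented with pipa and dizi, duration <duration> seconds
prompt = f"国风古风纯音乐,{', '.join(moods)}氛围,古筝为主旋律,点缀琵琶和笛子,时长 {duration}秒"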

Fallback

When Suno is unavailable, fall back to the local asset templates/bgm_library/国风/{mood}.mp3.

Cost

¥3 per track, fixed for the whole film.
