by 安全扫描
OpenClaw
可疑
medium confidenceThe skill largely does what it says (send an image+prompt to kameo.chat), but there are several inconsistencies and undisclosed external dependencies (notably a prompt-enhancement flow that uploads images to Google's GenAI API and hardcoded API keys in docs), so you should inspect and control credentials and network calls before using it.
评估建议
Things to consider before installing or running this skill:
- Do not run the scripts blindly. Review generate_video.sh / enhance_prompt.sh / register.sh before executing.
- The skill requires a KAMEO_API_KEY (env or ~/.config/kameo/credentials.json) though the registry metadata omitted that. Set a dedicated key you control, and be ready to revoke it if needed.
- The enhance_prompt.sh script uploads your image to Google Generative Language (Gemini) and requires GOOGLE_API_KEY. If you don't want ...详细分析 ▾
⚠ 用途与能力
The scripts implement the stated purpose (encode an image, call api.kameo.chat/generate), which is coherent. However the published registry metadata says no required env vars or binaries, while package.json lists required binaries (curl, jq, base64) and the scripts actually expect KAMEO_API_KEY (env or ~/.config/kameo/credentials.json) and optionally GOOGLE_API_KEY for prompt enhancement — these required credentials/env vars are not declared in the skill metadata, which is inconsistent.
⚠ 指令范围
Runtime instructions & scripts do more than just call Kameo: the enhance_prompt.sh script uploads the user's image to Google Generative Language (Gemini) using GOOGLE_API_KEY, and register.sh interacts with a Supabase instance to create accounts/keys. These external calls mean user images and credentials may be transmitted to services beyond api.kameo.chat; that behaviour is not fully documented in the skill metadata and is potentially privacy-sensitive.
ℹ 安装机制
There is no install spec (instruction-only), which minimizes arbitrary code downloads. However the package ships multiple shell scripts that will run locally; the lack of an install step is low risk in itself but you still must review and run these scripts manually. package.json lists required binaries (curl, jq, base64) which the runtime scripts actually use — the registry metadata omitted these.
⚠ 凭证需求
The scripts require KAMEO_API_KEY (and will read/write ~/.config/kameo/credentials.json). The prompt-enhancement path requires GOOGLE_API_KEY (used to call Gemini) but the skill metadata does not declare it. Additionally, the SKILL.md/USAGE.md embed a plaintext API key string (kam_...), which may be a leaked or placeholder credential — having a key visible in docs is risky. register.sh relies on SUPABASE_URL and SUPABASE_ANON_KEY placeholders; if these are left pointing to a third-party project they could send user credentials to an external Supabase instance.
✓ 持久化与权限
The skill is not always-enabled and does not request elevated platform privileges. It stores its own API key into ~/.config/kameo/credentials.json (chmod 600) which is normal for CLI helpers. It does not attempt to modify other skills or system-wide settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/2/4
- Updated documentation examples to use a new API key format. - No changes to code or features.
● 无害
安装命令 点击复制
官方npx clawhub@latest install kameo
镜像加速npx clawhub@latest install kameo --registry https://cn.clawhub-mirror.com
技能文档
Transform static images into expressive talking-head videos with realistic motion and lip-sync.
Quick Start
scripts/generate_video.sh [output_file]
Example:
scripts/generate_video.sh avatar.jpg "Hello, I am an AI assistant" output.mp4
What It Does
- Takes a static image (portrait/avatar)
- Adds realistic facial motion, expressions, and lip-sync based on your prompt
- Generates 5-second video in 9:16, 16:9, or 1:1 aspect ratio
- Returns CDN URL instantly (processing ~10-30 seconds)
Authentication
Set your Kameo API key:
export KAMEO_API_KEY="kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs"
Or store in ~/.config/kameo/credentials.json:
{
"api_key": "kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs"
}
Getting an API Key:
- Register at kameo.chat (requires email verification)
- Login to get JWT token
- Create API key via
/api/public/keysendpoint - Or use the registration helper:
scripts/register.sh
Prompt Engineering
Basic Prompts (Simple)
Just the dialogue:
"Hello, I'm here to help you today"
"こんにちは、私はガッキーです。愛してます。"
Works but results are generic.
Enhanced Prompts (Recommended)
Format:
[Detailed scene/environment], [person's complete appearance and expression], speaking in [tone], "[DIALOGUE]". [Camera and lighting details].
Example:
In a bright outdoor winter setting with soft, overcast daylight, a young woman with long dark hair wearing a white knitted winter hat with ear flaps and a colorful patterned sweater stands centered in frame. She looks directly into the camera with a warm, genuine smile, her eyes crinkling with joy, speaking in a cheerful, affectionate tone, "こんにちは、私はガッキーです。愛してます。" The scene is captured in a medium close-up shot, framed at eye level. The lighting is natural and diffused from above, creating soft, even illumination.
Why Enhanced Prompts Matter:
- Better facial expressions matching the scene context
- More natural motion and gestures
- Improved lip-sync quality
- Contextual emotional delivery
Prompt Enhancement Workflow
For best results, use vision AI to analyze the image first:
- Feed the image to a vision model (Gemini, GPT-4V, Claude)
- Ask it to describe the scene in cinematic detail
- Insert your dialogue into the description
- Use the enhanced prompt for Kameo
See: scripts/enhance_prompt.sh for automated enhancement.
API Details
Base URL: https://api.kameo.chat/api/public
Generate Video
curl -X POST https://api.kameo.chat/api/public/generate \
-H "X-API-Key: kam_I3rdx43IymFNbfBw1c0ZbSc7o3aUfQgz8cljZA6T7fs" \
-H "Content-Type: application/json" \
-d '{
"image_base64": "",
"prompt": "Your detailed prompt here",
"seconds": 5,
"aspect_ratio": "9:16"
}'
Parameters:
image_base64(required): Base64-encoded JPEG/PNGprompt(required): Dialogue and/or scene descriptionseconds(optional): 5 (default) or 10aspect_ratio(optional): "9:16" (default), "16:9", or "1:1"
Response:
{
"job_id": "uuid",
"status": "completed",
"video_url": "https://cdn.kameo.chat/videos/{uuid}.mp4",
"duration_seconds": 5,
"processing_time_ms": 15000
}
Check Credits
curl -H "X-API-Key: kam_..." \
https://api.kameo.chat/api/public/credits
Response:
{
"permanent_credits": 294,
"subscription_credits": 0,
"total_available": 294
}
Pricing
curl https://api.kameo.chat/api/public/pricing
Cost: 3 credits per video
Performance
- Processing time: 8-35 seconds (depends on aspect ratio and queue)
- 9:16 (portrait): ~30-35s
- 16:9 (landscape): ~15-20s
- 1:1 (square): ~10-15s
Best Practices
- Optimize image size - Resize large images before encoding (saves bandwidth, faster upload)
ffmpeg -i large.jpg -vf scale=720:-1 optimized.jpg
- Use descriptive prompts - Enhanced prompts = better results
- Choose aspect ratio wisely
- Monitor credits - Check balance with
scripts/check_credits.sh
Limitations
- CDN access: Video URLs may have time-limited access or require authentication
- Download: Videos may return 403 when downloaded via curl (use browser or authenticated session)
- Rate limits: 10 generations per minute
Troubleshooting
"401 Unauthorized"
- Check your API key is set correctly
- Verify key hasn't been revoked
"402 Insufficient credits"
- Check credit balance:
scripts/check_credits.sh - Need to add credits at kameo.chat
"Timeout errors"
- 9:16 videos take longer (~30s)
- Increase timeout in scripts
- Retry if server is busy
"403 when downloading video"
- CDN URLs may be time-limited
- Try accessing in browser immediately after generation
- Or save the base64 response if available
Use Cases
- AI character videos - Bring bot avatars to life
- Social media content - Dynamic profile videos
- Demos and presentations - Talking product demos
- Educational content - Video tutorials with AI presenters
- Multilingual content - Same avatar speaking different languages
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制