免费的ai视频生成创作平台(Video Generation Skill),支持生成视频、图片、声音、视频动作模仿、视频人物替换等等。九马AI官网:https://www.jiuma.com
Security Analysis
high confidenceThe skill's code, instructions, and external calls are consistent with a video-generation client for api.jiuma.com; it stores a service token in the system keyring and uploads user-specified files to the provider, which is coherent with its purpose.
Name/description advertise AI video generation and included scripts (auth, upload, submit task, check status, result) interact exclusively with https://api.jiuma.com endpoints to authorize, upload media, submit generation tasks, and query results. Required capabilities (keyring token storage, HTTP calls, file upload) align with the stated purpose.
Runtime instructions tell the user/agent to run the provided Python scripts from the skill workspace. The scripts will: (a) read and write a token in the system keyring, (b) open and stream user-supplied local files for upload (upload_file.py uses open(os.path.expanduser(file_path),'rb')), and (c) send requests to the jiuma API. This behavior is expected for an upload-and-submit client, but note that any local file path passed to upload_file.py will be read and uploaded to the external service — only supply files you intend to upload.
No automated install spec; SKILL.md recommends installing keyring and keyrings.alt via pip. There are no downloads from untrusted URLs or archive extraction steps. The install instructions are minimal and appropriate for the code.
The skill requests no environment variables or external credentials. It uses the system keyring to persist a service token (key 'jiuma_ai' / 'authorized_token'), which is proportional to needing a bearer token for the provider API. Network calls are limited to api.jiuma.com which matches the skill's claimed backend.
The skill is not always-enabled and does not modify other skills or global agent settings. Its only persistent effect is storing a service token in the user's system keyring, which is a reasonable design choice for an API client but worth noting.
Guidance
This skill appears coherent for connecting to Jiuma's video-generation API. Before installing or running: (1) verify that api.jiuma.com is the intended official endpoint for the service you expect; (2) be aware the scripts will store an API bearer token in your system keyring — revoke it at the provider if you stop using the skill; (3) only upload local files you trust and explicitly provide as arguments (the skill will read any file path you pass to upload_file.py); (4) run the scripts in a trusted or isolated environment if you are concerned about data leakage; (5) the skill suggests installing keyring via pip — prefer creating a virtual environment before installing Python packages. If you need higher assurance, ask the skill author for documentation of the API and token lifecycle (how to revoke tokens) or run the code in a sandbox first.
Latest Release
v1.0.8
- Updated all command-line code examples to use the correct skill folder name jiuma-ai-video-generation. - Added repeated reminders to adapt command-line path syntax based on the user's operating system, especially for Windows users. - Revised "任务类型(task_type)" descriptions and examples, including new naming such as "wan2.6(ref2video)" and "wan2.6(text2video)". - Improved clarity and accuracy in task parameter explanations and usage instructions. - Added and highlighted multiple "重要" (Important) sections to prevent path and OS-related errors for end-users.
Popular Skills
Published by @github-gamma on ClawHub
