ClawHub
Code Pluginsource linked

OpenClaw ShortDrama Pluginv1.0.4

OpenClaw plugin that exposes the shortdrama workflow as a native tool

openclaw-shortdrama-plugin·runtime shortdrama·by @sqsge
Community code plugin. Review compatibility and verification before install.
openclaw plugins install clawhub:openclaw-shortdrama-plugin
Latest release: v1.0.4Download zip

Capabilities

Tags
executes-code
configSchema
Yes
Executes code
Yes
HTTP routes
0
Runtime ID
shortdrama

Compatibility

Built With Open Claw Version
2026.3.24-beta.2
Min Gateway Version
2026.3.24-beta.2
Plugin Api Range
>=2026.3.24-beta.2
Plugin Sdk Version
2026.3.24-beta.2
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and many code files clearly require a BytePlus/ARK API key and network access to BytePlus ARK APIs, but the registry metadata at the top lists "Required env vars: none". The shipped openclaw.plugin.json does declare providerAuthEnvVars for byteplus/byteplus-plan, which is consistent with the plugin's purpose — the mismatch between the registry summary and the package contents is incoherent and worth attention.
Instruction Scope
The runtime instructions and wrapper scripts keep execution local to the plugin and the WORK_ROOT and state they will only read host-level secrets if SHORTDRAMA_ALLOW_HOST_ENV=1. The wrapper and node tool pass through a list of environment variables (BYTEPLUS_API_KEY, ARK_API_KEY, SEEDANCE_API_KEY, LLM_MODEL, IMAGE_MODEL, etc.) to the Python subprocess when present. The Python scripts make outbound HTTP calls to BytePlus endpoints and may download image URLs to disk; they also contain interactive prompts in some helper scripts. Nothing in the instructions instructs the agent to access unrelated host files, but enabling SHORTDRAMA_ALLOW_HOST_ENV expands what will be read.
Install Mechanism
No external install spec was included (no arbitrary download URLs). The provided bash wrappers create a Python venv and run pip install -r workflow-core/requirements.txt (the package claims requirements.txt is empty/offline-friendly). This is a low-to-moderate install footprint but the package includes a significant Python codebase (openclaw_entry.py and many scripts) that will be written to disk as part of normal plugin installation.
Credentials
The runtime legitimately requires a BytePlus/ARK API key for its stated image/video generation purpose. The code also accepts an optional SEEDANCE_API_KEY and a range of model/config env vars. These are proportionate to the media-generation workflow. The concern is the package metadata omission of required env vars in the registry summary and the opt-in SHORTDRAMA_ALLOW_HOST_ENV which, if enabled, will allow the plugin to load host-level env (~/.openclaw/.env) and expose additional host secrets to the workflow.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It registers a tool entry and runs as a user-invoked/native tool. It does not modify other skills' configs or demand permanent presence. The only notable privilege is the optional host-env opt-in which the user must explicitly enable.
What to consider before installing
This plugin implements a local short-drama production pipeline that needs a BytePlus API key and network access; that is consistent with its function, but the package metadata omitted declaring required env vars — treat that as a red flag. Before installing: 1) Inspect workflow-core/scripts/openclaw_entry.py (and other large Python files) for any unexpected behavior or external endpoints you don't recognize. 2) Do not set SHORTDRAMA_ALLOW_HOST_ENV=1 unless you intentionally want the plugin to load host-level secrets (~/.openclaw/.env). 3) Keep the plugin-local .env separate; only put the BytePlus key there and limit its scope in BytePlus console if possible. 4) Run the plugin in an isolated environment or sandbox first (or with a limited/regenerate-able API key) so you can revoke the key if something unexpected happens. 5) If you want a deeper review, provide the content of openclaw_entry.py and any other truncated Python files for inspection.
src/shortdrama-tool.ts:94
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/sqsge/openclaw-shortdrama-plugin
Commit
6a32582dd1bc
Tag
6a32582dd1bcad468249f78f9f2d1ec340a2942e
Provenance
No
Scan status
pending

Tags

latest
1.0.4

OpenClaw ShortDrama Plugin

Native OpenClaw plugin that exposes the short drama workflow as a native tool. The plugin acceptance target is the local OpenClaw workflow.

For the full packaging, runtime, and release checklist, see PLUGIN_GUIDE.md.

What it does

  • Registers a native shortdrama_generate tool for the fixed production pipeline
  • Keeps the core plugin acceptance path local and tool-first
  • Intended to reuse OpenClaw's bundled byteplus provider instead of defining a duplicate provider plugin
  • Runs the workflow against a plugin-local workflow/ work root instead of a legacy bundled runtime directory
  • Keeps media prompts fictional-only: no real-person likeness, no celebrity resemblance, and no documentary-style human reference look

Requirements

  • python3
  • ffmpeg
  • Network access to the BytePlus ARK APIs
  • One BytePlus credential: BYTEPLUS_API_KEY preferred, or ARK_API_KEY as the backward-compatible fallback
  • Optional SEEDANCE_API_KEY if your Seedance environment is keyed separately
  • The package manifest declares BytePlus auth env metadata for byteplus and byteplus-plan, and advertises the BytePlus API-key choice explicitly
  • Optional ARK_BASE_URL if you need to override the default BytePlus Ark endpoint for your region
  • Optional BRIDGE_DURATION_SECONDS if you want to tune how strongly adjacent clips blend at the boundary

Default models

The workflow uses these default BytePlus models unless you override them in the environment:

  • Language model: seed-2-0-pro-260328
  • Image model: seedream-5-0-260128
  • Video model: dreamina-seedance-2-0-260128

Portability checklist

To make the plugin runnable on another machine, keep these items in place:

  1. openclaw.plugin.json at the package root.
  2. package.json with the openclaw.extensions entry.
  3. workflow-core/requirements.txt empty and offline-friendly.
  4. A working python3 and ffmpeg on the target machine.
  5. BYTEPLUS_API_KEY in the plugin-local .env at the repository root, or ARK_API_KEY as the backward-compatible fallback.
  6. A smoke test command that uses the local wrapper:
./scripts/run_shortdrama.sh --brief "A healing rainy-night story about a girl and a cat." --core-only

If ./scripts/bootstrap_env.sh and the smoke test both pass, the plugin is in a good state to run on another machine with the same basic runtime assumptions.

Dependencies

Core workflow dependencies:

  • No additional OpenClaw plugins are required.
  • The workflow is designed to use OpenClaw's bundled byteplus provider when that provider is available in the installed OpenClaw build.

API keys

Prefer this environment variable:

  • BYTEPLUS_API_KEY

Legacy compatibility is still supported:

  • ARK_API_KEY

If BYTEPLUS_API_KEY is present, the local workflow maps it to ARK_API_KEY for backward compatibility.

The shipping workflow does not use Telegram, Discord, Feishu, or other chat-delivery environment variables in the core path.

By default the workflow reads the plugin-local .env at the repository root. It does not automatically read ~/.openclaw/.env unless you explicitly set SHORTDRAMA_ALLOW_HOST_ENV=1. If you want to point at a different local env file, set SHORTDRAMA_ENV_FILE=/absolute/path/to/file.env.

You can obtain or manage the BytePlus API key here:

If you are setting up OpenClaw for the first time, the host-side setup and auth guidance lives in the OpenClaw project repository:

That is the right place to look for the BytePlus/OpenClaw auth flow and the host configuration that provides the API key to plugins.

Mode

  • Core workflow only: this is the primary and supported plugin acceptance path.

Local install

openclaw plugins install -l /path/to/openclaw-shortdrama-plugin
openclaw plugins enable shortdrama
openclaw gateway restart

Recommended provider setup

Use the bundled BytePlus provider:

openclaw onboard --auth-choice byteplus-api-key

The shipped workflow also accepts legacy ARK_API_KEY, but BYTEPLUS_API_KEY is the preferred env var for this plugin.

First run

  1. Create the plugin-local .env from the template at the repository root:
cp .env.example .env
  1. Fill in the environment variables in .env, at minimum your BytePlus key, for example:
BYTEPLUS_API_KEY=your_byteplus_key

The local wrapper auto-loads the plugin-local .env by default. It only reads ~/.openclaw/.env if you explicitly set SHORTDRAMA_ALLOW_HOST_ENV=1.

  1. Create a brief file:
mkdir -p workflow/runtime
printf '%s\n' 'A healing rainy-night story about a girl and a cat.' > workflow/runtime/current_brief.txt
  1. Run the workflow from the plugin root:
./scripts/run_shortdrama.sh --brief-file workflow/runtime/current_brief.txt --core-only
  1. To retry only media stages:
./scripts/run_shortdrama.sh --brief-file workflow/runtime/current_brief.txt --skip-story --core-only

Tool-first usage

The preferred plugin runtime is the native tool:

  • Tool name: shortdrama_generate
  • Required parameter: brief
  • Optional parameters: force_media, skip_story

This keeps the fixed pipeline inside the plugin runtime instead of making any external notification layer part of the core execution path for this repository. The tool executes the Python workflow entry directly; the shell wrapper remains available for manual smoke tests and local scripts.

Work root

The plugin's generated outputs live under workflow/:

  • workflow/docs/
  • workflow/scripts/episode-01.md
  • workflow/storyboards/
  • workflow/assets/
  • workflow/deliverables/

The legacy implementation sources now live under workflow-core/. That directory is not the primary runtime surface of the plugin.