by waooAI
首家工业级全流程 AI 影视生产平台。Industry-first professional AI Agent platform for controllable film & video production. From shorts to live-action with Hollywood-standard workflows.
# Add to your Claude Code skills
git clone https://github.com/waooAI/waoowaoo
Last scanned: 5/7/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@aws-sdk/xml-builder: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@hono/node-server: @hono/node-server: Middleware bypass via repeated slashes in serveStatic",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@prisma/config: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@remotion/bundler: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@remotion/cli: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@remotion/studio-server: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@vitest/coverage-v8: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@vitest/mocker: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: Uncontrolled recursion in XML serialization leads to DoS",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ajv-formats: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "bullmq: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "conf: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "cos-nodejs-sdk-v5: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "defu: defu: Prototype pollution via `__proto__` key in defaults argument",
"severity": "high"
},
{
"type": "npm-audit",
"message": "effect: Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC",
"severity": "high"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "express-rate-limit: express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network",
"severity": "high"
},
{
"type": "npm-audit",
"message": "fast-xml-parser: fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "form-data: form-data uses unsafe random function in form-data for choosing boundary",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "hono: Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "next: Next Server Actions Source Code Exposure ",
"severity": "high"
},
{
"type": "npm-audit",
"message": "next-auth: NextAuthjs Email misdelivery Vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "next-intl: next-intl has an open redirect vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "preact: Preact has JSON VNode Injection issue",
"severity": "high"
},
{
"type": "npm-audit",
"message": "prisma: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "request: Server-Side Request Forgery in Request",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "rollup: Rollup 4 has Arbitrary File Write via Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "serialize-javascript: Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tar: node-tar has a race condition leading to uninitialized memory exposure",
"severity": "high"
},
{
"type": "npm-audit",
"message": "terser-webpack-plugin: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tough-cookie: tough-cookie Prototype Pollution vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "underscore: Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"severity": "high"
},
{
"type": "npm-audit",
"message": "undici: Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite-node: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vitest: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "webpack: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior",
"severity": "low"
}
],
"status": "FAILED",
"scannedAt": "2026-05-07T06:34:51.100Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}
waoowaoo is an open-source AI agent skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by waooAI. 首家工业级全流程 AI 影视生产平台。Industry-first professional AI Agent platform for controllable film & video production. From shorts to live-action with Hollywood-standard workflows. It has 12,833 GitHub stars.
waoowaoo failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/waooAI/waoowaoo" and add it to your Claude Code skills directory (see the Installation section above).
waoowaoo is primarily written in TypeScript. It is open-source under waooAI on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh waoowaoo against similar tools.
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
[!IMPORTANT] ⚠️ 测试版声明:本项目目前处于测试初期阶段,由于暂时只有我一个人开发,存在部分 bug 和不完善之处。我们正在快速迭代更新中,欢迎进群反馈问题和需求,及时关注项目更新!目前更新会非常频繁,后续会增加大量新功能以及优化效果,我们的目标是成为行业最强AI工具!
前提条件:安装 Docker Desktop
无需克隆仓库,下载即用:
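# Download docker-compose.yml. --fail makes curl exit non-zero on an HTTP error
# instead of saving the error page under the name docker-compose.yml.
# NOTE(review): this URL is under saturndec/waoowaoo, while the catalog listing
# on this page clones waooAI/waoowaoo, and it tracks the mutable main branch;
# confirm the source and read the downloaded file before starting it.
curl --fail --remote-name https://raw.githubusercontent.com/saturndec/waoowaoo/main/docker-compose.yml
# Start all services in the background.
docker compose up -d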
⚠️ 当前为测试版,版本间数据库不兼容。升级请先清除旧数据:
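# Stop the stack. -v also removes the project's volumes, so all stored data is
# deleted; back up anything you need before running this.
docker compose down -v
# Remove the cached image so the next start pulls it again (presumably this is
# the image docker-compose.yml references; verify against the file).
# NOTE(review): :latest is a mutable tag; pin a digest if you need to know
# exactly which build you are running.
docker rmi ghcr.io/saturndec/waoowaoo:latest
# Refresh the compose file. --fail makes curl exit non-zero on an HTTP error
# instead of overwriting docker-compose.yml with the error page.
curl --fail --remote-name https://raw.githubusercontent.com/saturndec/waoowaoo/main/docker-compose.yml
# Start all services in the background.
docker compose up -d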
启动后请清空浏览器缓存并重新登录,避免旧版本缓存导致异常。
# Clone the repository, enter the checkout, and start the stack in the background.
git clone https://github.com/saturndec/waoowaoo.git
cd waoowaoo
docker compose up --detach
更新版本:
# Fetch the latest sources, then recreate the containers with a fresh image build.
git pull
docker compose down \
  && docker compose up --detach --build
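git clone https://github.com/saturndec/waoowaoo.git
cd waoowaoo
# Copy the environment template (must be done before npm install).
cp .env.example .env
# .env will hold your AI API keys: restrict it to your user and never commit it.
chmod 600 .env
# Edit .env and fill in your AI API key (NEXTAUTH_URL already defaults to
# http://localhost:3000 and needs no change).
npm install
# NOTE(review): the scan report on this page lists npm-audit findings up to
# critical severity for this dependency tree; run `npm audit` after installing
# to see which ones apply to the versions you got.
# Start only the infrastructure services.
# Note: docker-compose.yml maps the services to non-standard ports and
# .env.example is preset to match: mysql:13306 redis:16379 minio:19000
# NOTE(review): confirm in docker-compose.yml whether these ports are published
# on 127.0.0.1 only or on every interface before using this on a shared network.
docker compose up -d mysql redis minio
# Create the database schema (required on first run; skipping it causes errors
# after startup).
npx prisma db push
# Start the development server.
npm run dev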
[!WARNING] 跳过 `npx prisma db push` 会导致所有数据库表不存在,启动后报错 `The table 'tasks' does not exist`。请务必先运行此命令再启动开发服务器。
访问 http://localhost:13000(方式一、二)或 http://localhost:3000(方式三)开始使用!
首次启动会自动完成数据库初始化,无需任何额外配置。
[!TIP] 如果遇到网页卡顿:HTTP 模式下浏览器可能限制并发连接。可安装 Caddy 启用 HTTPS:
# Run Caddy in the foreground with the Caddyfile from the current directory.
caddy run --config Caddyfile
启动后进入设置中心配置 AI 服务的 API Key,内置配置教程。
💡 注意:目前仅推荐使用各服务商官方 API,第三方兼容格式(OpenAI Compatible)尚不完善,后续版本会持续优化。
本项目由核心团队独立维护。欢迎你通过以下方式参与:
Made with ❤️ by waoowaoo team