by waoowaooAI
The first industrial-grade full-process AI film and television production platform. Industry-first professional AI Agent platform for controllable film & video production. From shorts to live-action with Hollywood-standard workflows.
# Add to your Claude Code skills
git clone https://github.com/waoowaooAI/waoowaooLast scanned: 4/18/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@aws-sdk/xml-builder: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@hono/node-server: @hono/node-server: Middleware bypass via repeated slashes in serveStatic",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@prisma/config: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@remotion/bundler: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@remotion/cli: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@remotion/studio-server: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@vitest/coverage-v8: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@vitest/mocker: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ajv-formats: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "conf: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "cos-nodejs-sdk-v5: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "defu: defu: Prototype pollution via `__proto__` key in defaults argument",
"severity": "high"
},
{
"type": "npm-audit",
"message": "effect: Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC",
"severity": "high"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "express-rate-limit: express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network",
"severity": "high"
},
{
"type": "npm-audit",
"message": "fast-xml-parser: fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "form-data: form-data uses unsafe random function in form-data for choosing boundary",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "hono: Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "next: Next Server Actions Source Code Exposure ",
"severity": "high"
},
{
"type": "npm-audit",
"message": "next-auth: NextAuthjs Email misdelivery Vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "next-intl: next-intl has an open redirect vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "preact: Preact has JSON VNode Injection issue",
"severity": "high"
},
{
"type": "npm-audit",
"message": "prisma: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "request: Server-Side Request Forgery in Request",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "rollup: Rollup 4 has Arbitrary File Write via Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "serialize-javascript: Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tar: node-tar has a race condition leading to uninitialized memory exposure",
"severity": "high"
},
{
"type": "npm-audit",
"message": "terser-webpack-plugin: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tough-cookie: tough-cookie Prototype Pollution vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "underscore: Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"severity": "high"
},
{
"type": "npm-audit",
"message": "undici: Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"severity": "high"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite-node: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vitest: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "webpack: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior",
"severity": "low"
}
],
"status": "FAILED",
"scannedAt": "2026-04-18T05:42:17.614Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}waoowaoo is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by waoowaooAI. The first industrial-grade full-process AI film and television production platform. Industry-first professional AI Agent platform for controllable film & video production. From shorts to live-action with Hollywood-standard workflows. It has 8,577 GitHub stars.
waoowaoo failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/waoowaooAI/waoowaoo" and add it to your Claude Code skills directory (see the Installation section above).
waoowaoo is primarily written in TypeScript. It is open-source under waoowaooAI on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh waoowaoo against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
[!IMPORTANT] ⚠️ 测试版声明:本项目目前处于测试初期阶段,由于暂时只有我一个人开发,存在部分 bug 和不完善之处。我们正在快速迭代更新中,欢迎进群反馈问题和需求,及时关注项目更新!目前更新会非常频繁,后续会增加大量新功能以及优化效果,我们的目标是成为行业最强AI工具!!
⚠️ Beta Notice: This project is currently in its early beta stage. As it is currently a solo-developed project, some bugs and imperfections are to be expected. We are iterating rapidly—please stay tuned for frequent updates! We are committed to rolling out a massive roadmap of new features and optimizations, with the ultimate goal of becoming the top-tier solution in the industry. Your feedback and feature requests are highly welcome!
一款基于 AI 技术的短剧/漫画视频制作工具,支持从小说文本自动生成分镜、角色、场景,并制作成完整视频。
An AI-powered tool for creating short drama / comic videos — automatically generates storyboards, characters, and scenes from novel text, then assembles them into complete videos.
| 中文 | English | |
|---|---|---|
| 🎬 | AI 剧本分析 - 自动解析小说,提取角色、场景、剧情 | AI Script Analysis - parse novels, extract characters, scenes & plot |
| 🎨 | 角色 & 场景生成 - AI 生成一致性人物和场景图片 | Character & Scene Generation - consistent AI-generated images |
| 📽️ | 分镜视频制作 - 自动生成分镜头并合成视频 | Storyboard Video - auto-generate shots and compose videos |
| 🎙️ | AI 配音 - 多角色语音合成 | AI Voiceover - multi-character voice synthesis |
| 🌐 | 多语言支持 - 中文 / 英文界面,右上角一键切换 | Bilingual UI - Chinese / English, switch in the top-right corner |
前提条件:安装 Docker Desktop
git clone https://github.com/saturndec/waoowaoo.git
cd waoowaoo
docker compose up -d
访问 http://localhost:13000 开始使用!
首次启动会自动完成数据库初始化,无需任何额外配置。
⚠️ 如果遇到网页卡顿:HTTP 模式下浏览器可能限制并发连接。可安装 Caddy 启用 HTTPS:
caddy run --config Caddyfile
git pull
docker compose down && docker compose up -d --build
Prerequisites: Install Docker Desktop
git clone https://github.com/saturndec/waoowaoo.git
cd waoowaoo
docker compose up -d
Visit http://localhost:13000 to get started!
The database is initialized automatically on first launch — no extra configuration needed.
⚠️ If you experience lag: HTTP mode may limit browser connections. Install Caddy for HTTPS:
caddy run --config CaddyfileThen visit https://localhost:1443
git pull
docker compose down && docker compose up -d --build
启动后进入设置中心配置 AI 服务的 API Key,内置配置教程。
After launching, go to Settings to configure your AI service API keys. A built-in guide is provided.
💡 推荐 / Recommended: Tested with ByteDance Volcano Engine (Seedance, Seedream) and Google AI Studio (Banana). Text models currently require OpenRouter API.
本项目由核心团队独立维护。欢迎你通过以下方式参与:
This project is maintained by the core team. You're welcome to contribute by:
Made with ❤️ by waoowaoo team