waoowaoo

Name: waoowaoo
Author: waoowaooAI

Issues

The first industrial-grade full-process AI film and television production platform. Industry-first professional AI Agent platform for controllable film & video production. From shorts to live-action with Hollywood-standard workflows.

8,577stars

1,812forks

TypeScript

Added 3/2/2026

View on GitHub Download ZIP Scan for vulnerabilities

AI Agentsai-agentai-agentsautomationfilm-productiongenerative-ai

Installation

# Add to your Claude Code skills
git clone https://github.com/waoowaooAI/waoowaoo

Getting Started

Guides for using ai agents skills like waoowaoo.

Security ReportIssues

Last scanned: 4/18/2026

{
  "issues": [
    {
      "type": "npm-audit",
      "message": "@aws-sdk/xml-builder: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "@hono/node-server: @hono/node-server: Middleware bypass via repeated slashes in serveStatic",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@prisma/config: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "@remotion/bundler: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "@remotion/cli: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "@remotion/studio-server: Vulnerability found",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "@vitest/coverage-v8: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@vitest/mocker: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@xmldom/xmldom: xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "ajv: ajv has ReDoS when using `$data` option",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "ajv-formats: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "conf: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "cos-nodejs-sdk-v5: Vulnerability found",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "defu: defu: Prototype pollution via `__proto__` key in defaults argument",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "effect: Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "express-rate-limit: express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "fast-xml-parser: fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "form-data: form-data uses unsafe random function in form-data for choosing boundary",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "hono: Hono vulnerable to Prototype Pollution possible through __proto__ key allowed in parseBody({ dot: true })",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "next: Next Server Actions Source Code Exposure ",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "next-auth: NextAuthjs Email misdelivery Vulnerability",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "next-intl: next-intl has an open redirect vulnerability",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "preact: Preact has JSON VNode Injection issue",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "prisma: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "request: Server-Side Request Forgery in Request",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "rollup: Rollup 4 has Arbitrary File Write via Path Traversal",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "serialize-javascript: Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "tar: node-tar has a race condition leading to uninitialized memory exposure",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "terser-webpack-plugin: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "tough-cookie: tough-cookie Prototype Pollution vulnerability",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "underscore: Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "undici: Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "vite-node: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "vitest: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "webpack: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior",
      "severity": "low"
    }
  ],
  "status": "FAILED",
  "scannedAt": "2026-04-18T05:42:17.614Z",
  "semgrepRan": false,
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

202,587

claude-code-tips ccpm

🚀 探索 AI 影视的下一代创作流 | 立即加入 waoowaoo在线网页版内测候补

waoowaoo AI 影视 Studio

[!IMPORTANT] ⚠️ 测试版声明：本项目目前处于测试初期阶段，由于暂时只有我一个人开发，存在部分 bug 和不完善之处。我们正在快速迭代更新中，欢迎进群反馈问题和需求，及时关注项目更新！目前更新会非常频繁，后续会增加大量新功能以及优化效果，我们的目标是成为行业最强AI工具！！

⚠️ Beta Notice: This project is currently in its early beta stage. As it is currently a solo-developed project, some bugs and imperfections are to be expected. We are iterating rapidly—please stay tuned for frequent updates! We are committed to rolling out a massive roadmap of new features and optimizations, with the ultimate goal of becoming the top-tier solution in the industry. Your feedback and feature requests are highly welcome!

一款基于 AI 技术的短剧/漫画视频制作工具，支持从小说文本自动生成分镜、角色、场景，并制作成完整视频。

An AI-powered tool for creating short drama / comic videos — automatically generates storyboards, characters, and scenes from novel text, then assembles them into complete videos.

✨ 功能特性 / Features

| | 中文 | English | |---|---|---| | 🎬 | AI 剧本分析 - 自动解析小说，提取角色、场景、剧情 | AI Script Analysis - parse novels, extract characters, scenes & plot | | 🎨 | 角色 & 场景生成 - AI 生成一致性人物和场景图片 | Character & Scene Generation - consistent AI-generated images | | 📽️ | 分镜视频制作 - 自动生成分镜头并合成视频 | Storyboard Video - auto-generate shots and compose videos | | 🎙️ | AI 配音 - 多角色语音合成 | AI Voiceover - multi-character voice synthesis | | 🌐 | 多语言支持 - 中文 / 英文界面，右上角一键切换 | Bilingual UI - Chinese / English, switch in the top-right corner |

🚀 快速开始

前提条件：安装 Docker Desktop

git clone https://github.com/saturndec/waoowaoo.git
cd waoowaoo
docker compose up -d

访问 http://localhost:13000 开始使用！

首次启动会自动完成数据库初始化，无需任何额外配置。

⚠️ 如果遇到网页卡顿：HTTP 模式下浏览器可能限制并发连接。可安装 Caddy 启用 HTTPS：
caddy run --config Caddyfile
然后访问 https://localhost:1443

🔄 更新到最新版本

git pull
docker compose down && docker compose up -d --build

🚀 Quick Start

Prerequisites: Install Docker Desktop

git clone https://github.com/saturndec/waoowaoo.git
cd waoowaoo
docker compose up -d

Visit http://localhost:13000 to get started!

The database is initialized automatically on first launch — no extra configuration needed.

⚠️ If you experience lag: HTTP mode may limit browser connections. Install Caddy for HTTPS:
caddy run --config Caddyfile
Then visit https://localhost:1443

🔄 Updating to the Latest Version

git pull
docker compose down && docker compose up -d --build

🔧 API 配置 / API Configuration

启动后进入设置中心配置 AI 服务的 API Key，内置配置教程。

After launching, go to Settings to configure your AI service API keys. A built-in guide is provided.

💡 推荐 / Recommended: Tested with ByteDance Volcano Engine (Seedance, Seedream) and Google AI Studio (Banana). Text models currently require OpenRouter API.

📦 技术栈 / Tech Stack

Framework: Next.js 15 + React 19
Database: MySQL + Prisma ORM
Queue: Redis + BullMQ
Styling: Tailwind CSS v4
Auth: NextAuth.js

📦 页面功能预览 / preview

4f7b913264f7f26438c12560340e958c67fa833a 67509361cbe6809d2496a550de5733b9f99a9702 466e13c8fd1fc799d8f588c367ebfa24e1e99bf7 c067c197c20b0f1de456357c49cdf0b0973c9b31

🤝 参与方式 / Contributing

本项目由核心团队独立维护。欢迎你通过以下方式参与：

🐛 提交 Issue 反馈 Bug
💡 提交 Issue 提出功能建议
🔧 提交 Pull Request 供参考 — 我们会认真审阅每一个 PR 的思路，但最终由团队自行实现修复，不会直接合并外部 PR

This project is maintained by the core team. You're welcome to contribute by:

🐛 Filing Issues — report bugs
💡 Filing Issues — propose features
🔧 Submitting Pull Requests as references — we review every PR carefully for ideas, but the team implements fixes internally rather than merging external PRs directly

Made with ❤️ by waoowaoo team