Skip to main content

Degausai

Marketplace Active

Official Wonda plugins for Claude Code

1 Plugin
Purpose

To empower users to generate, edit, and publish diverse forms of digital content directly from their terminal using AI, streamlining creative workflows.

Features

  • AI-powered content generation (image, video, music, text)
  • Extensive video and audio editing operations
  • Direct publishing to social media platforms (Instagram, TikTok, LinkedIn, X)
  • Social media account management and analysis
  • Integration with AI coding agents

Use Cases

  • Generating marketing materials like product videos and ad creatives.
  • Automating social media content creation and posting schedules.
  • Editing short-form videos with animated captions and overlays.
  • Managing and analyzing social media presence from the terminal.

Non-Goals

  • Providing a graphical user interface for content creation.
  • Replacing the need for underlying social media platform accounts.
  • Offering real-time collaboration features beyond CLI execution.

Scope

  • warning:Single responsibility principleThe extension covers a very broad range of capabilities including image, video, audio generation, editing, publishing, and detailed LinkedIn/X/Reddit integrations, which goes beyond a single coherent domain.
  • warning:Minimal I/O surfaceSome commands, like `wonda skill install --all -o .`, and parameters for editing operations (e.g., `params` in `edit video`) suggest potentially broad inputs that might not be strictly minimal for the task.
  • warning:Tool surface sizeThe extension exposes a very large number of commands across multiple domains (content generation, editing, publishing, social media), far exceeding the target of 10.
  • warning:Dry-run previewThe README does not mention a dry-run feature for state-changing commands like publishing or deleting posts, making it difficult to preview the full effect before execution.

Invocation

  • warning:Scoped toolsWhile many specific commands exist, the sheer number of commands and the potential for broad interpretation of some like 'scrape social' or 'generate text' suggest a less strictly scoped toolset than ideal.
  • warning:Overlapping near-synonym toolsThere are several near-synonym commands, such as `generate image`, `generate video`, `generate text`, `generate music`, and potentially overlapping functionalities within the LinkedIn and X commands, which could lead to model disambiguation challenges.

Documentation

  • info:Configuration & parameter referenceThe README provides extensive command documentation, but explicit default values for all parameters and precedence order for configuration are not always clear.

License

  • warning:License usabilityThe license is described as 'Proprietary' in the README with a link to wonda.sh, but no SPDX identifier or explicit LICENSE file is readily available in the repository, making its precise usability unclear.

Maintenance

  • warning:Dependency ManagementThe project uses npm and Homebrew for installation, but there's no clear indication of vulnerability scanning or automated dependency update mechanisms beyond what npm/Homebrew might provide.

Security

  • warning:Secret ManagementCommands like `wonda auth login`, `wonda linkedin auth set`, and `wonda x auth set` imply secret handling, but the README does not detail how these secrets are stored, protected, or if they are ever exposed via logs or debug output.
  • warning:InjectionThe extension executes shell commands and interacts with external services based on user input and prompts; without explicit mention of input sanitization or treating loaded data as untrusted, there's a potential risk of injection.
  • warning:Transitive Supply-Chain GrenadesThe use of `npm i -g` and `brew install` for installation, and the potential for commands like `wonda skill install` to fetch remote content, suggest a reliance on external sources that could be subject to supply-chain attacks if not carefully managed.
  • warning:Sandbox IsolationWhile not explicitly stated, commands that modify files or interact with external services (like publishing) could potentially write outside of expected scopes if not carefully implemented, though the README does not detail specific sandbox escape primitives.
  • warning:Data ExfiltrationCommands that authenticate with services like LinkedIn and X, and the presence of `wonda auth login`, imply handling of sensitive credentials. The README does not explicitly state how this data is protected from exfiltration or if it's submitted to third parties without clear user consent.
  • warning:Unguarded Destructive OperationsCommands like `wonda delete-post` and potentially others that modify external services (e.g., publishing) lack explicit mention of confirmation gates or dry-run modes in the README, posing a risk of accidental destructive operations.

Portability

  • warning:Structural AssumptionThe `wonda skill install -o .` command suggests assumptions about project structure for local skill installation, which might break if a user's project organization differs from expectations.

Trust

  • warning:Issues AttentionThere are 2 open issues with 0 closed issues in the last 90 days, indicating slow responsiveness or a lack of active issue management.

Code Execution

  • warning:ValidationWhile commands accept parameters, there is no explicit mention or evidence of a schema library being used for validation and sanitization of all input arguments, which could lead to unexpected behavior or errors.
  • warning:Error HandlingThe README does not detail specific error handling mechanisms for commands. While JSON output is mentioned for commands, the clarity and actionability of error messages are not elaborated upon.
  • warning:LoggingThe README does not mention any local audit logging for destructive actions or outbound calls, which would be important for reviewing executed commands.

Compliance

  • warning:GDPRThe extension handles user authentication and interacts with social media platforms, which inherently involves personal data. The README does not specify how this data is sanitized or protected, nor if it's submitted to third parties.
  • warning:Telemetry opt-inThe README does not specify whether telemetry is collected, if it's opt-in or opt-out, or what fields are collected, which is a privacy concern.

Errors

  • warning:Actionable error messagesWhile the README mentions JSON output for commands, it does not specify if error messages are actionable, including root cause and remediation steps.

Execution

  • warning:Pinned dependenciesThe project uses npm and Homebrew, but there is no explicit mention of lockfiles or pinned interpreter versions for bundled scripts, which could lead to unpredictable behavior.

Protocol

  • warning:Idempotent retry & timeoutsThe README does not provide information on whether mutating operations are idempotent or if hard timeouts are enforced for external calls, which could lead to issues with retries and long-running operations.

Installation

/plugin marketplace add degausai/wonda

Contains 1 extensions

Plugin (1)

Wonda Plugin

AI-powered content generation from your terminal — images, video, music, audio, editing, and social publishing

75

Quality Score

72 /100
Analyzed about 24 hours ago

Trust Signals

Last commitabout 24 hours ago
GitHub owner degausai (opens in new tab)
Stars89
Websitewonda.sh(opens in new tab)
Status
View Source

© 2025 SkillRepo · Find the right skill, skip the noise.