douyin push video

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches Douyin video posting, but it can reuse saved account tokens to publish videos publicly by default without a clearly required final confirmation step.

Use this only if you are comfortable granting Douyin video-publishing access. Before running it, confirm the exact account, video path, caption, and visibility setting; keep the .env file private; and revoke or rotate tokens when you no longer need automated posting.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or unintended file/title could be posted publicly to the user's Douyin account.

Why it was flagged

The code defaults posts to public visibility and the command-line workflow can publish with only a video path and optional title, with no built-in final approval or privacy prompt.

Skill content

@param {number} [opts.private_status] - 0 visible to everyone, 1 visible only to self, 2 visible to friends ... private_status = 0 ... // CLI: node index.js <video path> [title]

Recommendation

Require an explicit final confirmation showing account, file path, title, and visibility before calling the publish API; consider defaulting to private visibility or adding a dry-run mode.

What this means

Anyone or any process that can read the .env file may obtain credentials that can publish to the Douyin account until revoked or expired.

Why it was flagged

The skill stores account publishing credentials persistently and reuses them for future Douyin posting.

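Skill content

Write the user-provided openId and accessToken to the .env file in the project root ... it is kept permanently, and later Douyin posts will use this configuration first.

Recommendation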

Store tokens only when necessary, keep .env out of source control, restrict file permissions, rotate or revoke tokens after use, and declare these credential requirements in metadata.

What this means

The chosen video file leaves the local machine and is sent to Douyin; choosing the wrong path could upload unintended content.

Why it was flagged

The selected local video file and OAuth token are sent to Douyin's API endpoint, which is expected for the stated integration.

Skill content

const BASE = 'https://open.douyin.com'; ... form.append('video', createReadStream(absPath) ... headers: { 'access-token': accessToken, ...form.getHeaders() }

Recommendation

Verify the file path and destination before upload, and avoid using broad or sensitive file paths unless the user explicitly selected them.