Douyin Trend Finder
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent, instruction-only Douyin trend assistant with no evidence of credential access, persistence, data exfiltration, or destructive behavior.
This appears safe to install if you are comfortable with a trend-finding skill using Python/curl and the requests package for public Douyin-related lookups. Verify any paid-tier or real-time-data claims independently, and do not provide credentials unless a future version clearly documents why they are needed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may rely on Python or curl to fetch or process public Douyin trend information.
The skill declares local command-line/network-capable tools, which is expected for retrieving public trend data but is still worth noticing before installation.
"requires": { "bins": ["python3", "curl"] }Use it for user-directed public trend lookups, and review any command the agent proposes before allowing broader local or network activity.
Installing the skill may require adding the Python requests library to the local environment.
The artifact references installing a third-party Python package. This is common and purpose-aligned for network data retrieval, but it introduces normal package-provenance considerations.
"kind": "pip", "package": "requests", "label": "安装依赖:pip3 install requests"
Install dependencies from trusted package indexes and keep the environment isolated if possible.