Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Douyin Data Exporter

v1.0.1

Douyin data export skill - fetches video data from a user's profile page

byan@ahsbnb
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Pending

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md implement video export via TikHub and optional 'douplus' export via a BOSS endpoint, which matches the skill name/description. However, the registry metadata claims no required env vars, while both SKILL.md and export.py expect a TikHub token (TIKHUB_TOKEN or a config.json key). That omission is an inconsistency that should have been declared.
Instruction Scope
Runtime instructions are straightforward: run export.py with sec_user_id and account name; optionally provide a douplus token/customer id. The script makes outbound HTTPS requests to api.tikhub.io and boss-ip.da-mai.com and saves results to the workspace. It prints request URLs and a REPORT_PATH for other tools to consume. No arbitrary shell execution or obfuscated behavior was found.
Install Mechanism
There is no installer that downloads remote executables; the skill includes a plain Python script and declares Python as a required binary. This is low-install risk. (SKILL.md contains a small 'install' snippet, but there is no external download or archive extraction in the package.)
Credentials
The package metadata lists no required env vars or config paths, yet export.py reads a config file at OPENCLAW_ROOT/config.json and/or the TIKHUB_TOKEN environment variable. Reading OPENCLAW_ROOT/config.json is a meaningful access to the agent's environment and could expose other config contents during execution; the skill also expects a potentially sensitive douplus Bearer token (provided via CLI or browser). These accesses should be declared up front.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills, and only writes output under the workspace directory. It does not create persistent system services or alter agent configuration beyond reading a config.json.
What to consider before installing
This skill's functionality (fetching Douyin videos via TikHub and optional douplus exports) appears legitimate, but there are inconsistencies you should weigh before installing:

- The package fails to declare that it needs a TikHub API token (TIKHUB_TOKEN) and that it will read OPENCLAW_ROOT/config.json. Treat these as sensitive: config.json may contain other secrets on your agent host.
- The script will make outbound HTTPS requests to api.tikhub.io and to boss-ip.da-mai.com (the latter for douplus exports). Only provide the douplus Bearer token if you trust that external endpoint and you obtained the token securely.
- The tool asks you to extract sec_user_id and tokens from a browser; avoid sharing full browser session cookies or other secrets when doing so.

Recommendations:

1) Inspect your OPENCLAW_ROOT/config.json before running; consider creating a minimal config file that only contains the tikhub_api_token you intend to use.
2) Run the script in an isolated environment (not on a machine holding other sensitive agent credentials) until you are comfortable with its behavior.
3) Prefer supplying tokens via environment variables or a dedicated config with least privilege, and avoid hardcoding tokens into the script.
4) If you need stronger assurance, request that the skill author update the metadata to declare required env vars (TIKHUB_TOKEN) and the config file path, and document exactly which external endpoints it calls.



Runtime requirements

Bins: python
