Visual Benchmarker
Analysis
This is a coherent instruction-only workflow, but it relies on a separate Douyin search skill and TikHub API token that users should verify before use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
AI 将第一步生成的关键词,作为参数,**调用已安装的 `douyin-video-search` 技能**来获取视频列表。
The workflow depends on tool chaining into another installed skill. This is disclosed and central to the stated purpose, but users should understand that the result depends on the behavior and permissions of that separate tool.
source: https://github.com/your-repo/visual-benchmarker
The declared source appears to be a placeholder rather than a verifiable repository. Because this skill contains only instructions and no code, this is a provenance note rather than evidence of unsafe behavior.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
- **`skill:douyin-video-search`**: 必须已安装并在 `config.json` 中配置好 `tikhub_api_token`。
The dependent skill requires a TikHub API token. This credential use is expected for the search integration, but it is a privileged account secret that users should manage carefully.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
用户需提供一份包含战略信息的文本文件(作战地图、产品资料等)...关键词,作为参数...调用已安装的 `douyin-video-search` 技能
The workflow derives search keywords from potentially strategic user materials and passes those keywords to a dependent search tool. The artifact indicates only keywords are sent, and this is purpose-aligned, but the boundary should be understood.