Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Douyin Learning Pipeline (抖音学习流水线)
v1.0.0 Douyin link master workflow (lite edition): automatically distinguishes two kinds of request, "download/parse" and "transcript extraction", and when needed chains transcription, smart cleanup, structural breakdown and follow-up imitative rewriting. Use when the user sends a Douyin link and asks to "parse Douyin", "download without watermark", "extract the Douyin transcript", "Douyin to text", "extract the spoken script", "break down this video" or "write an imitation based on this Douyin". Fixed main chain: link → transcription → ...
⭐ 0 · 35 · 0 current · 0 all-time
by AleeAI@anyhui
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill's code and SKILL.md implement a full Douyin downloader + transcription + postprocessing pipeline — that matches the name/description. However the registry metadata claims no required env vars or credentials while SKILL.md and the bundled code clearly require a SiliconFlow API key, Douyin cookies (msToken, ttwid, odin_tt, passport_csrf_token, sid_guard) and optionally document tokens (Feishu/OPENAI). The omission of these required secrets from the declared metadata is an inconsistency that reduces transparency.
Instruction Scope
Runtime instructions direct the agent to run environment checks and to auto-install missing dependencies (pip, apt, brew), to clone/execute downloader code, to ask the user for secrets (SiliconFlow API key and Douyin cookies) and to write local config and cookie files. It also calls external services (SiliconFlow API, optional mssdk endpoints via ms_token_manager using a remote conf URL, and could write to Feishu if configured). Asking for full account cookies and performing network calls are within the downloader's purpose, but the broad, automatic install-and-fetch behavior and the mismatch with declared requirements are scope and privacy concerns.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the package includes many code files and helper scripts. The SKILL.md instructs pip installs and system package installs (apt/brew) and may clone an external GitHub repo (https://github.com/jiji262/douyin-downloader.git). Cloning a public GitHub repo and pip/apt/brew installs are expected for this tooling, but they add risk because arbitrary code will be placed on disk and executed; the ms_token_manager also fetches remote YAML from raw.githubusercontent.com and may POST to a configured mssdk endpoint. This is moderate risk but not automatically malicious.
Credentials
The skill requests sensitive credentials in its instructions (SiliconFlow API key, Douyin cookie values, optional Feishu token, possibly OPENAI_API_KEY for transcription) but the registry metadata declares no required environment variables or primary credential. Requesting Douyin cookies is functionally required for no-watermark downloads and some msToken flows, but the absence of these requirements from the manifest is an inconsistency. Users should treat the cookies and API keys they provide as high-value secrets: the cookies are account session material, not scoped tokens.
Persistence & Privilege
The skill does not request persistent 'always' inclusion and does not claim to modify other skills. It will write local files (local/config.json, .cookies.json, download_manifest.jsonl, dy_downloader.db) and may run package managers (apt via sudo, brew) if the environment is missing system dependencies. The auto-install behavior can therefore perform privileged actions after user confirmation, which is a notable privilege-related surface, though not an explicit persistent elevation of platform privileges.
Scan Findings in Context
[base64-block] unexpected: The pre-scan flagged a 'base64-block' prompt-injection pattern in SKILL.md. The visible SKILL.md does not obviously contain executable base64 payloads, so this may be a false positive or an embedded comment. Still, any prompt-injection flags in runtime instructions are worth extra scrutiny because they indicate the packaged instructions attempted to include an unusual block that could influence agent behavior.
What to consider before installing
This skill contains a full Douyin downloader and related scripts and will ask for and store sensitive data (Douyin cookies, SiliconFlow API key, optionally Feishu/OPENAI tokens), auto-install Python packages and system tools, and fetch remote configuration/endpoint data. Before installing:
1) Verify the source / GitHub repo and publisher (the package has no homepage listed).
2) Do not supply full account cookies to untrusted code — prefer limited tokens or ephemeral credentials.
3) Run the skill in an isolated environment (VM/container) if you will allow automatic installs or execution.
4) Inspect the scripts referenced by SKILL.md (scripts/check_env.sh, download_douyin.sh, transcribe.sh, setup_config.py) before running them, and decline automatic apt/brew sudo installs if unsure.
5) If you must use it, limit network access (or monitor outgoing connections) and consider sandboxing; restrict any Feishu tokens or other document tokens to least privilege.
The primary red flags are the manifest/metadata mismatch about required secrets and the skill's ability to fetch remote configs and perform privileged installs — these make it reasonable to treat the package as potentially risky until you verify its origin and code.
Like a lobster shell, security has layers — review code before you run it.
Tags: douyin · latest · transcription
