抖音口播爆款文案生成-教育类
PassAudited by ClawScan on May 14, 2026.
Overview
This appears to be a content-writing helper with web research and a simple local style-check script, not a credentialed or persistent tool, but users should notice its packaging inconsistencies and human-sounding persuasive framing.
Before using this skill, confirm the script paths are correct, use only the reviewed local Python checker, and manually verify any facts or statistics found through web search. The skill is intended to create persuasive human-sounding education content, so be careful not to present generated advice as verified expert experience unless you can support it.
Publisher note
# ClawScan Note: douyin-sensitive-check ## 一、基础信息 - **Skill名称**:douyin-sensitive-check - **版本**:1.0.2 - **核心功能**:抖音/短视频违禁词、敏感词、广告极限词、平台限流词本地检测;支持每日自动拉取开源词库更新、离线检测、上下文标注、文案改写建议 - **归属模块**:OpenClaw 内容合规检测类 Skill - **运行依赖**:python3、本地文件读写权限、网络访问权限(仅每日首次更新) ## 二、运行时依赖与环境要求 1. **系统兼容**:macOS、Linux(无Windows适配) 2. **核心依赖**:仅依赖Python标准库(sys、re、pathlib、urllib、json、datetime),无第三方pip包 3. **目录权限**:需Skill目录下`data/`子目录**读写权限**(存储词库缓存、更新状态文件) 4. **网络权限**:仅开放`raw.githubusercontent.com`域名**只读访问权限**(每日首次更新词库) ## 三、网络行为审计(低风险) 1. **触发时机**:**每日首次运行时**自动触发词库更新,当日后续运行无网络请求 2. **请求目标**:仅3个公开GitHub开源仓库原始词库地址(konsheng/Sensitive-lexicon、bigdata-labs/sensitive-stop-words、jkiss/sensitive-words) 3. **数据流向**:**仅下载、无上传**,仅拉取公开词库文本,不传输用户文案、个人信息等任何数据 4. **降级机制**:网络请求失败时,**自动降级使用本地缓存词库**,不影响核心检测功能 ## 四、文件操作审计(低风险) 1. **操作目录**:仅Skill自身目录下`data/`(自动创建,`.gitignore`排除) 2. **核心文件** - `sensitive_words.txt`:合并去重后的敏感词库(只读加载、覆盖更新) - `.update_state.json`:记录最后更新日期、词库数量(读写) 3. **操作范围**:**仅读写Skill私有数据目录**,不访问系统目录、用户个人文件、其他Skill目录 ## 五、安全风险点(可控低风险) 1. **词库更新无校验**:自动拉取第三方开源词库,**无数字签名/哈希校验**,存在上游词库被篡改引入恶意词条的极小概率风险 2. **子串匹配误报**:采用长词优先的子串匹配逻辑,**可能误判正常文本**(如普通词包含敏感词片段) 3. **词库时效性**:开源词库更新滞后于抖音平台最新规则,**存在小众限流词漏检风险** 4. **无日志留存**:无检测日志持久化,无法追溯历史检测记录 ## 六、风险等级评定 **风险等级:低(Low)** - 无用户数据上传、无远程代码执行、无系统权限提升、无隐私泄露风险 - 网络请求仅指向公开可信域名,文件操作局限于私有目录 - 风险均为功能层面可控问题,无安全破坏性风险 ## 七、合规与隐私说明 1. **隐私合规**:全程**不存储、不上传、不泄露用户输入文案**,检测逻辑完全本地执行 2. **词库合规**:依赖3个MIT/开源协议词库,**无侵权风险** 3. **平台合规**:内置抖音特有限流词库,适配短视频平台内容发布合规要求 ## 八、加固建议(可选) 1. 新增词库更新校验:对拉取的词库文件增加哈希值校验,防止篡改 2. 优化匹配逻辑:支持精确词匹配+子串匹配双模式,降低误报率 3. 增加日志功能:可选开启本地检测日志留存,便于追溯排查 4. 定期人工复核:每周人工核对抖音最新限流规则,补充内置词库
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may rely on online search results and local script output when drafting content, so bad sources or an unexpected script path could affect the result.
The skill directs the agent to use web search and run a local Python checker. That is expected for research, fact-checking, and style scoring, but it is still tool use the user should be aware of.
requires: ["python3", "web_search"] ... 针对选定选题,强制执行深度搜索 ... 运行 `scripts/check_logic.py` 自评
Review sources used for factual claims and run only the reviewed local checker, not a substitute script from an untrusted location.
The documented command may fail, or a user/agent might accidentally run a different local file with the expected name.
The manifest provides `scriptscheck_logic.py`, not `scripts/check_logic.py`, and no `scripts/verify_facts.py` is included. This creates packaging/provenance ambiguity, though no unsafe missing-code execution is shown.
AI味测评:运行 `scripts/check_logic.py` ... `scripts/verify_facts.py`
Fix the file paths before use and avoid running any similarly named script unless it is part of the reviewed package.
Audiences could over-trust the generated script if it is presented as personal expert experience or human-authored advice without appropriate context.
The skill instructs the agent to write as a seasoned education observer and remove obvious AI style. This is aligned with the content-generation purpose, but it can make generated public content sound more human and authoritative than it really is.
身份:一个在教育圈摸爬滚打15年、看透升学真相的资深观察者 ... 去AI化底层协议
Verify education claims carefully, avoid impersonating real experts or making unsupported authority claims, and disclose AI assistance where appropriate.