Fast Douyin Publish

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its Douyin publishing purpose, but it stores account sessions and ships a broader multi-service credential config than the Douyin-only description explains.

Review the full script before using it, remove the unrelated account entries from config/accounts.json, and only run the publisher on a trusted device when you are ready for the selected video and text to go public on Douyin.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may unnecessarily store credentials for services outside the stated Douyin purpose, widening the account-access surface.

Why it was flagged

The skill is described as a Douyin QR-login publisher, but the shipped config enables multiple unrelated services and includes username/password fields for them.

Skill content

"wechat_channels": { "enabled": true, "username": "", "password": "" }, ... "youtube": { "enabled": true, "username": "", "password": "" }

Recommendation

Do not fill unrelated password fields; remove or disable non-Douyin account entries unless the skill clearly documents and scopes support for those platforms.

What this means

Anyone who can read the saved cookie/session file may be able to act as the logged-in Douyin account.

Why it was flagged

The skill stores Douyin session state locally so it can keep publishing without repeated QR login; this is expected, but the saved session carries sensitive account authority.

Skill content

`config/cookies/douyin.json` - login state ... Cookies are saved locally; keep them confidential

Recommendation

Use the skill only on a trusted machine, protect the config/cookies directory, and delete saved cookies when you no longer need persistent login.

What this means

Running the command can publish content to a real Douyin account, potentially with generated titles/tags and no separate final confirmation in the artifacts.

Why it was flagged

The script automates uploading and pressing the public publish button, including a force-click fallback; this is central to the skill but high-impact.

Skill content

file_input.set_input_files(video_path) ... publish_btn.click() ... publish_btn.click(force=True)

Recommendation

Only run it when you intend to publish immediately; review the video, generated title, and tags before invoking the script.

What this means

Users must trust the package installation path and may not see the dependency requirement from metadata alone.

Why it was flagged

The documented setup requires installing a Python package and browser runtime, but the registry metadata declares no required binaries or install spec.

Skill content

pip install playwright
playwright install chromium

Recommendation

Install dependencies from trusted sources, consider pinning versions, and ensure the metadata accurately declares Playwright/Chromium requirements.