ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Douyin Short Video Factory

v1.0.0

Create Douyin (抖音) short videos end-to-end: AI image generation, video prompt creation, frame extraction, and hashtag optimization. Integrates with Douyin's...

0· 110·0 current·0 all-time
by@dzxiatian-crypto
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims end-to-end integration with Douyin's ecosystem but declares no required environment variables, credentials, or install steps. The SKILL.md shows example runtime calls to 'mcporter' and functions like 'douyin.parse_douyin_video_info' that are not supplied or documented, so it's unclear how the claimed integration would actually work.
Instruction Scope
Instructions are narrowly scoped to parsing, generating tags, and scoring virality and include concrete code snippets. However, the usage examples call an external tool ('mcporter') and an external module ('douyin') without explaining what those components are or how the agent obtains permission to use them. The instructions do not direct the agent to read unrelated files or secrets.
Install Mechanism
There is no install spec and no files beyond SKILL.md, so nothing is written to disk by the skill itself. This lowers risk but also contributes to the functional gaps (no connector code provided).
!
Credentials
No credentials, API keys, or config paths are requested, yet the skill purports to integrate with Douyin (a third-party platform that normally requires tokens or authenticated endpoints). The absence of any declared auth mechanism or required env vars is inconsistent with the stated purpose.
Persistence & Privilege
The skill does not request always:true and has no install actions that would persist or modify agent/system configuration. Default autonomous invocation is allowed (platform default) but not combined with other privilege-escalating signals.
What to consider before installing
This skill looks like a set of helper snippets, not a complete Douyin connector. Before installing, ask the author for: (1) the implementation of the 'mcporter' tool and the 'douyin' module referenced in examples; (2) how authentication to Douyin is handled (what credentials, where stored, and why they aren't declared); and (3) a source/homepage or repository so you can inspect code. Treat it as non-functional until those questions are answered. Do not provide Douyin or other platform credentials to the skill unless you can verify the code and hosting. If you must experiment, run it in an isolated environment and avoid granting any secrets or broad agent/system access.

Like a lobster shell, security has layers — review code before you run it.

aivk9720nav04brt036vy1m2as8pn84g1jeautomationvk9720nav04brt036vy1m2as8pn84g1jelatestvk9720nav04brt036vy1m2as8pn84g1je

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments