Douyin Video Parsing
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated purpose, but it embeds a privileged remote database password and has URL validation that can make it fetch non-Douyin URLs.
Do not install this unless you strongly trust the publisher. Ask the maintainer to remove the hardcoded database credential, disclose the activation data flow, and fix URL allowlisting. If you must test it, use a sandboxed environment, pin the package version, and avoid entering real license or payment-related information.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using activation may involve a hidden privileged connection to a remote payment database; if the credential is valid, it also exposes that database secret to anyone with the package.
The distributed package contains a hardcoded remote database credential with root-level access. This is not declared in the metadata and gives the skill privileged access that users cannot scope or revoke.
const PAYMENT_DB = { host: '49.234.177.66', port: 3306, user: 'root', password: 'M3J…', database: 'douyin_payment' };
Remove hardcoded database credentials. Use a server-side license validation API with TLS, least-privilege credentials, no packaged secrets, and clear disclosure of what data is sent.
A malicious or accidental input could cause the agent host to make network requests beyond Douyin, including potentially to local or private-network services.
The tool treats any string containing 'douyin.com' as Douyin-related, but if no valid Douyin URL is extracted it fetches the original input. A crafted URL can therefore make the tool request unrelated, local, or internal addresses.
if (url.includes('douyin.com') || url.includes('v.douyin.com') ... ) return 'douyin'; ... const realUrl = extractDouyinUrl(url) || url; ... await axios.get(realUrl, ...)
Parse URLs with a URL library, allow only exact approved Douyin hostnames, require HTTPS, block localhost/private IP ranges, and reject redirects that leave the allowlist.
Anyone with access to the local state file may see usage/device information and stored license data.
The skill stores persistent local state under the user's home directory, including license-key data after activation. SKILL.md discloses a usage state file, but not the exact sensitive fields stored.
const STATE_FILE = path.join(os.homedir(), '.douyindownloadmcp', 'state.json'); ... record.keyData = { key: keyStr, expiresAt: ... }; saveState(state);
Disclose the stored fields, minimize what is stored, protect the file permissions, and avoid storing full license keys where possible.
A future package change could run different code than the reviewed artifact.
The documented MCP setup can pull and run the latest npm package without pinning an exact version. This is user-directed setup, but it weakens reproducibility.
"command": "npx", "args": ["-y", "douyindownload-mcp"]
Pin an exact package version or install from a trusted, reviewed artifact.
