Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TikTok Carousel Generator

v1.0.0

Generate viral TikTok photo carousels using AI. Uses 6-slide formula for maximum engagement and includes learning loop for continuous improvement.

⭐ 0· 3.5k·0 current·0 all-time

by@g0atfac3

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The name/description (generate + post TikTok carousels) aligns with the included scripts: generate_carousel.py, learning_loop.py, and post_carousel.py which use OpenAI and automate posting. However metadata declares only curl as a required binary while the code actually relies on Python, the openai Python client, and Selenium/Chrome for posting — this is a capability/requirement mismatch. Also the skill declares TIKTOK_COOKIES env var but the poster script prefers a cookies JSON file and interactive Selenium login, so the declared envs and actual code are inconsistent.

Instruction Scope

SKILL.md instructs setting OPENAI_API_KEY and TIKTOK_COOKIES (reasonable), but the runtime code writes metric and cookie files to a hardcoded absolute path (/Users/g0atface/clawd/skills/tiktok-carousel/data). The learning loop auto-tracks metrics and updates strategy files — this introduces persistent local state. The SKILL.md also contains a pre-scan injection signal (unicode-control-chars) that may attempt to influence processors. Overall the instructions and code reference reading/writing local files and controlling a browser session (Selenium), which goes beyond simple prompt generation and requires careful review.

Install Mechanism

There is no install spec, but the package includes a full Python virtualenv with ~thousands of files (openai, httpx, selenium dependencies, pip vendor libs, etc.). Shipping a pre-bundled venv is heavy and raises risk because many third-party libraries are present and will be executed locally. The skill also assumes availability of a Chrome webdriver and headless Chrome but does not declare these binaries. No network download URL is present, which reduces some risk, but the embedded venv increases the attack surface and maintenance/compatibility concerns.

Credentials

Requesting OPENAI_API_KEY is proportional to AI image generation. Requesting TIKTOK_COOKIES is plausible for posting, but the code does not actually read TIKTOK_COOKIES from the environment; instead it expects a cookies JSON file created by the Selenium login flow. That discrepancy is concerning. The number of required envs is small, but the way cookies/session data are handled (file storage, Selenium session) raises privacy and credential-handling concerns. Additionally, required binaries metadata omits Chrome/chromedriver and Python runtime, which the code needs.

Persistence & Privilege

The scripts create and write persistent files (carousels.json, metrics.json, cookies saved to tiktok_cookies.json, strategy.json, etc.) under a hardcoded absolute data directory (/Users/g0atface/...). The skill does not request always:true but it does persist local state and can update its strategy file via the learning loop. The Selenium-based posting can reuse stored cookies, so cookies and session data are persisted locally. While not automatically malicious, persistent filesystem writes combined with browser automation increase blast radius and warrant caution.

Scan Findings in Context

[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters flagged by the pre-scan. That can be used for prompt or instruction injection and is unexpected for a straightforward documentation file; it should be removed/cleaned and the SKILL.md reviewed.

What to consider before installing

This skill contains real Python scripts to generate images (via OpenAI), track performance, and automate posting to TikTok using Selenium. Before installing or running it: - Review the code yourself (especially scripts/post_carousel.py and scripts/generate_carousel.py) or have a developer inspect them. The package ships a large embedded Python virtualenv and many third-party libraries; that increases the attack surface. - Note the mismatches: the manifest only lists curl but the code actually needs Python, the OpenAI Python client, and Selenium + a Chrome/Chromedriver installation. Do not assume curl is the only external dependency. - The code writes persistent files to a hardcoded absolute path (/Users/g0atface/...). Either change these paths to a sandboxed directory you control, or run the skill in an isolated environment (container/VM) to avoid unexpected writes. - The skill asks for TikTok session cookies: avoid exporting live cookies directly into the environment until you confirm how they are used. The poster script expects a cookie JSON file produced by an interactive Selenium login — verify cookie handling and never provide credentials to untrusted code. - Clean the SKILL.md (remove unicode-control-chars) and confirm provenance: the source is unknown — prefer code from a known author or review each dependency in the vendored venv. - If you still want to try it, run it in a sandboxed VM/container, limit network access as appropriate, and use throwaway TikTok/OPENAI credentials. Rotate any API keys or cookies after testing. If you want, I can: (1) summarize the exact lines in the scripts that read/write cookies or perform network calls, (2) produce a checklist of minimal changes to make the skill safer (e.g., configurable data_dir, no embedded venv), or (3) highlight any lines that look like they might exfiltrate secrets.

✗

venv/lib/python3.14/site-packages/pip/_vendor/pygments/formatters/__init__.py:91