Douyin Video Publisher
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is clear, but it can log in to a Douyin account, persist session cookies, and publish public videos through unreviewed MCP servers.
Review this skill before installing. Only use it if you trust the referenced MCP server and understand where Douyin cookies are stored. Confirm the exact video, title, description, tags, and account before publishing, and know how to revoke the Douyin login session or delete the saved cookie file.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or over-eager invocation could publish content to the user’s Douyin account before the user has reviewed the final title, tags, description, or account context.
The documented workflow directs the agent to proceed from a chat request to public publishing, but the artifact does not specify a mandatory final approval, draft review, or containment step.
直接在对话中发布视频 ... 帮我发布视频到抖音 ... 🚀 正在发布... ✅ 发布成功!
Require explicit user confirmation immediately before publishing, and prefer a draft/preview step showing the exact account, video path, title, description, tags, and visibility.
Whoever can access or operate the MCP server/session file may be able to act as the logged-in Douyin account until the session expires or is revoked.
The skill uses and persists Douyin login cookies, which are account-session credentials; the registry declares no primary credential or required config path for this sensitive access.
Cookie 保存:自动持久化登录状态 ... Cookie 保存:`~/douyin-mcp-server/mcp-server/douyin-cookies.json`
Use a dedicated creator account if possible, protect the cookie file, document how to revoke the session, and declare the credential/session requirement explicitly.
Users cannot verify from this skill alone what the MCP server does with videos, cookies, browser automation, or Douyin account actions.
The high-impact login/upload/publish behavior is delegated to external MCP server code that is not included in the reviewed artifact set.
需要配置好的 MCP 服务器 ... `node ~/douyin-mcp-server/mcp-server/dist/index.js` ... `uvx douyin-mcp-server`
Install only from a trusted, pinned MCP source; review the MCP server code and dependencies; and avoid granting account access to unknown local packages.
Video content and account-session operations may pass through an external local tool whose boundaries are not described by the skill metadata.
The agent is expected to hand account actions, selected video paths, titles, descriptions, and tags to an MCP server, but the artifact does not define permissions, data handling, or trust boundaries for that server.
douyin-upload - 视频上传 MCP ... 功能:登录、上传、发布视频
Document exactly what data is sent to the MCP server, restrict the server’s permissions, and require user approval before sending files or account actions.