ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Douyin Automation

v1.1.0

抖音内容自动化运营技能。跨平台(Windows/macOS/Linux),一键安装,自动 clone 后端代码并配置,流水线执行:抓取AI量化视频→AI改写→发布长图文→自动回复评论。支持 Cron 定时任务。

0· 67·0 current·0 all-time
by@hnc87

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hnc87/douyin-auto-hnc.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Douyin Automation" (hnc87/douyin-auto-hnc) from ClawHub.
Skill page: https://clawhub.ai/hnc87/douyin-auto-hnc
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install douyin-auto-hnc

ClawHub CLI

Package manager switcher

npx clawhub@latest install douyin-auto-hnc
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The described capability (automating Douyin publishing) aligns with the included scripts: cloning a backend repo, copying 'creator-tools', starting Chrome with CDP and a FastAPI backend, and running an orchestrator. However the setup script probes local GitHub auth (gh CLI, GITHUB_TOKEN, GH_TOKEN, ~/.git-credentials) which is not documented in SKILL.md and is noteworthy — cloning private repos can justify this, but it should be explicit.
!
Instruction Scope
SKILL.md tells the user to run setup.py which will: clone repos, copy files into ~/.openclaw, install Python deps, generate CONFIG.md, and run health checks. The setup script also attempts to read local git credentials and environment tokens and will perform network operations (git clone). start-backend.py launches Chrome with remote-debugging and creates a persistent profile under ~/.openclaw, and run-pipeline.py invokes the orchestrator that will interact with creator.douyin.com via automated scripts. These are all within the stated purpose, but the instructions give the skill broad filesystem and network actions (including reading credential stores) that are not called out in the top-level description.
Install Mechanism
There is no packaged installer; the skill is instruction- and script-based and clones code from GitHub (https://github.com/HNC87/douyin-agent-master and https://github.com/HNC87/douyin-automation-skill). Cloning from GitHub is normal, but the SKILL.md/source do not provide a trusted upstream homepage and the repos are third-party (owner HNC87). No downloads from arbitrary shorteners or unknown IPs were seen.
!
Credentials
The skill declares no required env vars but the setup script actively searches for GitHub auth via: gh CLI output, GITHUB_TOKEN/GH_TOKEN env vars, and ~/.git-credentials. This is plausible for cloning private repos, but probing for and using tokens without documenting it is a risk (token exposure, accidental use of privileged tokens). The skill also uses local OpenClaw Gateway and an external image API (api.ai6700.com) referenced in docs, yet no API keys or configuration steps for those services are explicitly declared in SKILL.md.
Persistence & Privilege
The skill writes configuration and files under the user's home (~/.qclaw or ~/.openclaw, ~/douyin), creates a Chrome user-data dir (~/.openclaw/chrome-douyin-profile), and can add cron jobs via the openclaw cron commands in SKILL.md. It does not set always:true and does not modify other skills' configs. Writing persistent files and creating scheduled tasks is expected for this automation, but users should be aware these persistent artifacts are created.
What to consider before installing
What to check before you install/run this skill: - Review the upstream repositories (https://github.com/HNC87/douyin-agent-master and the creator-tools repo) before running setup.py. The skill will git-clone and execute code from them. - The setup script will try to find GitHub credentials (gh auth token, GITHUB_TOKEN/GH_TOKEN, and ~/.git-credentials). If you keep sensitive tokens in your environment or git credential store, consider unsetting them or using a limited-scope token. Embedding tokens into clone URLs can accidentally persist credentials in .git/config. - The skill creates a Chrome profile under ~/.openclaw and launches Chrome with --remote-debugging-port. That profile will persist and can contain login state; only log into Douyin in that profile if you trust the code and machine. CDP exposes a local control interface — avoid running this on a shared or untrusted host. - The workflow references external services (OpenClaw Gateway at localhost and an image API api.ai6700.com). Make sure you understand what external endpoints will be called and whether API keys or account credentials are required and where they should be stored. - Prefer running the setup and initial runs in an isolated environment (VM or disposable user account) so you can inspect what was written (CONFIG.md, created directories, .git/config in cloned repos) and remove tokens or cron entries afterward. - If you proceed, inspect the created files (CONFIG.md, the cloned backend, and the creator-tools JS) before starting services or enabling cron. If you are not comfortable auditing third‑party code, do not run the scripts with administrative or high-privilege credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk9714fjxs956x790a2s5p9zw7185gd33
67downloads
0stars
2versions
Updated 3d ago
v1.1.0
MIT-0
@hnc87
latest
Download

Douyin-Automation 抖音自动化运营

🚀 一键安装(2条命令)

# 1. 安装 skill(自动安装所有依赖)
clawhub install douyin-auto-hnc

# 2. 全自动引导(自动 clone 后端 + 配置路径 + 健康检查)
python ~/.qclaw/skills/douyin-automation/scripts/setup.py

macOS/Linux 用户:路径为 ~/.qclaw/skills/douyin-automation/scripts/setup.py

完整流程

安装 skill → setup.py (自动 clone 后端) → start-backend.py (启动服务)
                                                        ↓
                                                 run-pipeline.py (执行发布)

第1步:安装

clawhub install douyin-auto-hnc

第2步:运行 setup.py(全自动)

python ~/.qclaw/skills/douyin-automation/scripts/setup.py

setup.py 自动完成:

  • 从 GitHub clone douyin-agent-master 后端代码到 ~/douyin/
  • 复制 creator-tools 到 ~/.openclaw/douyin-creator-tools/
  • 安装 Python 依赖(requests, playwright 等)
  • 交互式确认端口和路径配置
  • 生成 CONFIG.md
  • 运行健康检查

第3步:启动服务(一键)

python ~/.qclaw/skills/douyin-automation/scripts/start-backend.py
  • 自动启动 Chrome(带 --remote-debugging-port
  • 自动启动 FastAPI 后端(端口 8080)
  • 如果端口已被占用则跳过(已运行)

第4步:执行流水线

# 正式运行
python ~/.qclaw/skills/douyin-automation/scripts/run-pipeline.py

# 试运行(不实际发布)
python ~/.qclaw/skills/douyin-automation/scripts/run-pipeline.py --dry-run

# 禁用 AI 优化(直接发布原始内容)
python ~/.qclaw/skills/douyin-automation/scripts/run-pipeline.py --no-ai

第5步:配置定时任务(可选)

# 抖音运营流水线,每 6 小时执行
openclaw cron add "DOUYIN-PIPELINE-6H" \
  --cron "0 */6 * * *" \
  --message "执行: python ~/.qclaw/skills/douyin-automation/scripts/run-pipeline.py"

# 抖音评论回复,每 30 分钟执行
openclaw cron add "DOUYIN-COMMENTS-30M" \
  --cron "*/30 * * * *" \
  --message "执行: python ~/.qclaw/skills/douyin-automation/scripts/run-pipeline.py --comments-only"

系统架构

GitHub: HNC87/douyin-agent-master
  ↓ clone 到 ~/douyin/
  ↓
douyin-agent-master/backend/    (FastAPI :8080)
douyin-agent-master/orchestrator/douyin_full_orchestrator.py
  ↓
douyin-creator-tools/
  publish-douyin-article.mjs   → 发布到抖音
  export-douyin-comments.mjs   → 导出未回复评论
  reply-douyin-comments.mjs    → 自动回复
  ↓
OpenClaw Gateway (http://127.0.0.1:28789)
  → AI 改写内容(openclaw/default 模型)

手动前提条件

必须提前准备(setup.py 无法自动化):

  1. Chrome 浏览器(已安装)
  2. 抖音账号已登录 Chrome(首次运行 setup.py 后,用 Chrome 手动扫码登录一次)
  3. OpenClaw Gateway 运行中(AI 改写需要)

可选(提高自动化程度):

  • Python 3.11+
  • Node.js(用于 creator-tools 脚本)

配置说明

所有路径集中在 ~/.qclaw/skills/douyin-automation/CONFIG.md

默认值说明
chrome_cdp_port9222Chrome 调试端口
agent_port8080FastAPI 后端端口
openclaw_gatewayhttp://127.0.0.1:28789AI 网关地址
douyin_home~/douyin项目根目录

重新配置:

python ~/.qclaw/skills/douyin-automation/scripts/setup.py

详细内容

常见问题

问题解决
"No items to publish"确认 douyin-agent 已抓取并改写视频内容到 DB
"CONFIG.md not found"运行 python scripts/setup.py
Chrome CDP 连接失败确保 Chrome 已退出,重新运行 start-backend.py
AI 改写失败检查 OpenClaw Gateway 是否运行
登录态失效重新用 Chrome 扫码登录 creator.douyin.com

更新 skill

clawhub update douyin-auto-hnc

Comments

Loading comments...