Douyin-skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to match its stated Douyin upload purpose, but it can reuse your Douyin session and publish videos publicly, so install only if you want that automation.

Use this skill only on a trusted machine and with a Douyin account you are comfortable automating. Complete login manually, keep the saved cookie file private, use --no-publish for test uploads, and clear stored login data when finished.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked with the wrong file, title, or account session, the agent could publish unintended content to the user's Douyin account.

Why it was flagged

The upload command publishes by default unless the user explicitly chooses draft mode.

Skill content

autoPublish: true ... case '--no-publish': result.autoPublish = false;

Recommendation

Use --no-publish when testing, review the video/title/description before upload, and only allow the skill to run when you intend to publish.

What this means

Anyone or anything with access to this local skill directory may be able to reuse the saved Douyin session until it expires or is cleared.

Why it was flagged

The skill stores reusable Douyin login cookies locally so it can act as the logged-in user.

Skill content

Cookie file: `{baseDir}/douyin-cookies.json` — Stores Douyin login credentials locally only (file permission: 0600)

Recommendation

Install in a trusted local environment, protect the skill directory, and run `node scripts/manage.js clear` when you no longer need the session.

What this means

Future installs may resolve to a newer Puppeteer version, which is normal for npm but gives less reproducibility than a pinned dependency.

Why it was flagged

The skill depends on an npm package with a semver range rather than an exact pinned version.

Skill content

"dependencies": { "puppeteer": "^23.11.1" }

Recommendation

If reproducibility is important, install from a trusted package source and consider pinning or reviewing the resolved lockfile before use.

What this means

The skill can run local Node/npm commands needed for setup and operation.

Why it was flagged

The skill authorizes Node and npm command execution, which is expected for this bundled CLI-style uploader.

Skill content

allowed-tools: Bash(node *) Bash(npm *)

Recommendation

Only run the documented commands from the skill directory and avoid granting broader command access than needed.