Douyin Video Transcript Extraction

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill matches its stated purpose of downloading a user-provided Douyin video and transcribing it, but users should note that it uses headless browser automation to bypass a login modal and requires unpinned local dependencies.

Before installing, make sure you are comfortable running local Python/browser tooling and downloading unpinned dependencies and Whisper models. Use the skill only for Douyin videos you are allowed to access and transcribe, and run it in a dedicated folder because it writes fixed output filenames such as douyin_video.mp4, transcript.txt, and transcript.json.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

The agent may automate access to and download of Douyin video content that the site tries to gate with a login prompt.

Why it was flagged

The skill explicitly uses Playwright DOM extraction to obtain the video source even when a login modal is present. This is disclosed and central to the transcription purpose, but users should ensure they are allowed to access and download the content.

Skill content
Extract from the `src` of the `video` element (most reliable; can bypass the login wall)
Recommendation

Use only on videos you have permission to access and transcribe, and be aware this may conflict with platform rules or content owner expectations.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the skill’s dependencies may download and run third-party packages and browser binaries whose exact versions are not fixed.

Why it was flagged

The setup uses unpinned package installs and downloads a Playwright browser. This is expected for the workflow, but dependency versions and provenance are not locked in the artifacts.

Skill content
pip install playwright openai-whisper imageio[ffmpeg] requests
playwright install chromium
Recommendation

Install in an isolated environment, review dependency sources, and pin package versions if you need reproducible or higher-assurance setup.