Skill v1.0.0
ClawScan security
Douyin DL · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 9:14 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is coherent for downloading Douyin videos, but the included Python script runs shell commands with unsanitized inputs (potential command injection) and relies on an external CLI (agent-browser), so you should review or sandbox it before use.
- Guidance: This skill appears to do what it claims, but the included Python script runs shell commands with shell=True and inserts the user-supplied URL and the extracted video URL verbatim into command strings. That creates a real command-injection risk. Before installing or invoking: (1) Inspect or run the script in a restricted/sandboxed environment (VM/container) rather than on a production machine. (2) Ensure agent-browser is installed from a trusted source (npm package integrity). (3) Prefer fixing the script: use subprocess.run with a list of arguments or use shlex.quote when building commands, validate/sanitize the URL and video_src, and avoid shell=True. (4) If you cannot audit or patch the code, avoid running it with untrusted inputs or allowing the agent to invoke it autonomously.
Review Dimensions
- Purpose & Capability: ok. Name/description match the code and SKILL.md: it opens Douyin pages with a headless browser, extracts the video src, and downloads via curl. Required tools (agent-browser, curl) are appropriate and declared in SKILL.md.
- Instruction Scope: note. Instructions and script stay within the stated downloading purpose (open page, extract <video>, download). However, the script accepts arbitrary URLs and inserts both the user-supplied URL and the extracted video_src directly into shell commands (subprocess.run(..., shell=True)), creating a command-injection risk if inputs contain malicious characters or if the page provides unexpected values.
- Install Mechanism: ok. No install spec (instruction-only plus an included script). The script requires agent-browser and curl, and SKILL.md documents that. Nothing is downloaded from untrusted URLs or installed automatically by the skill.
- Credentials: ok. No environment variables, credentials, or config paths are requested. The skill's access needs are minimal and appropriate for its purpose.
- Persistence & Privilege: ok. The always flag is false and the skill does not request persistent or system-wide privileges. It does invoke external binaries but does not modify other skills or system configs.
