Douyin Transcribe

This skill appears to implement the stated Douyin→audio→local-ASR pipeline, but there are several things to check before installing or running it: 1) The Node script uses a non-standard import path (/tmp/puppeteer_test/node_modules/puppeteer-core) and expects Chrome at /usr/bin/google-chrome; verify these paths or adjust the script to use your system's Node/pupeteer and Chrome. 2) The script navigates to an external parser site (hellotik.app) and intercepts network traffic to find CDN URLs — this is necessary for the task but means the code loads third-party web content during execution. 3) feishu_upload.py references FEISHU_APP_TOKEN and FEISHU_TOKEN (environment variables) in a placeholder; the SKILL metadata does not declare these. If you plan to use Feishu upload, confirm what credentials are actually required and do not expose broad tokens to untrusted code. 4) The skill instructs installing a global npm ASR CLI and downloading a model from GitHub — these network downloads and global installs should be performed in a controlled environment (container or VM) if you are concerned about supply-chain or permission issues. 5) The Node launch uses Chrome flags like --no-sandbox; running headless Chrome without a sandbox has security implications — prefer running in a sandboxed container. If these oddities (hardcoded paths, undeclared env vars, external site dependency) are acceptable and you review the scripts locally before running, the risk is moderate; otherwise treat the skill as untrusted and run it in isolation or decline to install.