Bulk Tiktok Downloader
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it claims—download user-supplied TikTok URLs with yt-dlp—but users should review the URL list, output folder, and dependency before running it.
Before installing, confirm you trust the yt-dlp dependency source, review the URL list, use a dedicated output folder, and only download content you are authorized to save.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An unintended or untrusted URL list could cause downloads from unexpected sites or create a larger batch of network requests than the user intended.
Every non-comment line from the user-provided file is sent to yt-dlp for downloading; the script does not enforce TikTok-only domains.
urls = [line.strip() for line in f if line.strip() and not line.startswith('#')] ... ydl.download([url])Review the URL list before running, keep batches reasonable, and add domain validation if the downloader should be restricted to TikTok URLs only.
The dependency is central to the skill, and package changes over time could affect behavior or security.
The skill depends on a third-party package with only a minimum version, so future installs may resolve to newer package code.
yt-dlp>=2024.1.1
Install from a trusted package index, consider pinning a reviewed yt-dlp version, and run the downloader in a normal user account or dedicated workspace.