Douyin Video Downloader (抖音视频下载器)
v1.0.0Download Douyin (抖音) videos via the TikHub API — no login required. USE THIS SKILL whenever the user: - Shares a Douyin link (v.douyin.com, douyin.com, or an...
⭐ 0· 103·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Douyin downloader via TikHub) align with the included script and SKILL.md. The script calls the TikHub API, parses a direct video URL, and optionally downloads to ~/Downloads/douyin. Required functionality (a TikHub token) is consistent with the purpose.
Instruction Scope
The SKILL.md and script require a TikHub API token stored in ~/.openclaw/config.json and instruct running the bundled Python script. However, the registry metadata did not declare any required config paths; this mismatch (metadata says no config paths but the runtime reads ~/.openclaw/config.json) is an inconsistency that users should be aware of. Otherwise the instructions are scoped to the stated task (resolving short links, calling the API, downloading the video).
Install Mechanism
No install spec (instruction-only with one bundled script). No downloads from arbitrary URLs or package installs — low install risk. The skill will perform normal network I/O and write files when used.
Credentials
No environment variables or external credentials are requested by the registry, but the script requires a TikHub API token stored in a local config file (~/.openclaw/config.json). This single credential is proportional to the task, but it is stored in plaintext JSON and readable by any local process with access to that file.
Persistence & Privilege
always:false (good). The skill is allowed to be invoked autonomously by the agent (platform default). SKILL.md explicitly tells agents to 'always use this skill when you detect a Douyin URL', which could cause the agent to run the script whenever a Douyin link appears even if the user didn't explicitly request a download — users should consider whether they want automatic invocation in that context.
Assessment
This skill appears to do what it claims, but review these practical points before installing:
- The script reads your TikHub API token from ~/.openclaw/config.json (plain JSON). Only put a token there if you trust the local environment and the TikHub service. Any local process that can read that file can use the token.
- The skill makes outbound requests to api.tikhub.io and to the video URL host (douyin). If you have network/privacy concerns, be aware that a third-party service (TikHub) will see the requested video IDs and trigger the subsequent fetches.
- Downloads are saved to ~/Downloads/douyin by default. Ensure you are comfortable with files being written there and with the copyright/legal implications of saving videos.
- Metadata omitted a required config path: the registry showed no config paths but the SKILL.md/script require ~/.openclaw/config.json. This is an informational inconsistency — not necessarily malicious, but worth noting.
- If you are concerned about automatic invocation, disable autonomous skill invocation or instruct the agent not to auto-run this skill when it merely detects a link.
If you want stronger safety: inspect the script yourself (it is included), store the token in a more restricted location and update the code if desired, or run the script manually rather than allowing autonomous invocation.Like a lobster shell, security has layers — review code before you run it.
chinesevk9766228myh1enesep9x1hrn4583b0wsdouyinvk9766228myh1enesep9x1hrn4583b0wsdownloadvk9766228myh1enesep9x1hrn4583b0wslatestvk9766228myh1enesep9x1hrn4583b0wstikhubvk9766228myh1enesep9x1hrn4583b0wstiktokvk9766228myh1enesep9x1hrn4583b0wsvideovk9766228myh1enesep9x1hrn4583b0ws
License
MIT-0
Free to use, modify, and redistribute. No attribution required.