Tiktok Android
v1.0.0Automate TikTok engagement on Android using ADB. Search topics, comment with AI or templates, includes setup wizard. Use for TikTok automation campaigns and building social presence through strategic commenting.
⭐ 3· 1.8k·2 current·2 all-time
by@mladjan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (ADB-based TikTok automation) align with the repository contents: scripts call adb, take screenshots, tap coordinates, and generate/post comments. Required AI provider libraries (anthropic/openai) and instructions for API keys are consistent with the optional AI comment mode.
Instruction Scope
SKILL.md and the scripts instruct the agent to control an Android device via adb (take screenshots, tap coordinates, dismiss keyboard, post comments) and, optionally, send screenshots to AI providers for comment generation. This is within the claimed scope. Notes: the setup writes API keys to a local .env and saves screenshots and logs to a data/ folder; some files reference an absolute development path (/Users/mladjanantic/.openclaw/workspace/androidSkill) which is a brittle/hardcoded artifact and may leak a username. Also review omitted files (especially src.ai_comments and tiktok_android_bot) for any unexpected network endpoints or data-sending behavior before running.
Install Mechanism
There is no automated install spec. A requirements.txt lists loguru, anthropic, and openai — a normal Python package setup. No remote download URLs or archive extraction are used. You should pip-install dependencies in a controlled environment (venv) before running.
Credentials
The skill declares no required environment variables but the code accepts ANDROID_DEVICE_ID and the setup stores AI API keys (ANTHROPIC_API_KEY / OPENAI_API_KEY / OPENROUTER_API_KEY) in a plaintext .env file when AI mode is chosen. Requesting API keys for AI providers is proportionate to the AI comment feature, but note keys are stored unencrypted and the code will use them to call third-party APIs — verify that only expected providers are contacted.
Persistence & Privilege
always is false and there is no install that forces persistent platform presence. The README suggests optional scheduling via OpenClaw cron (user action). The skill does write local config (config.py, .env, .bot_settings.json) which is expected for a local tool; it does not appear to modify other skills or platform-wide settings.
Assessment
This package appears to do what it claims (control TikTok on an Android device via adb and optionally use AI to craft comments). Before installing or running it:
- Review the omitted code (especially src/ai_comments.py and src/bot/android/tiktok_android_bot.py) to confirm which network endpoints are contacted and that API keys are only sent to the expected AI providers.
- Be aware the setup will write your AI API key in plaintext to a .env file; store and rotate keys appropriately and avoid committing .env to version control.
- The package uses adb and will interact with any connected Android device; run it only on devices/accounts you control. Automated commenting can violate platform terms and may lead to account restrictions.
- The repository contains a hardcoded absolute path in some run scripts and a logger import that references src.config; these are engineering issues that may cause runtime errors — test in an isolated environment (virtualenv/container) first.
- If you plan to schedule autonomous runs (cron), be cautious: autonomous execution combined with network access raises the blast radius if a component is misconfigured. Only schedule after a manual, monitored run and after confirming network behavior.
If you want, I can: (a) scan the omitted files for network calls and suspicious patterns, (b) point out exact lines where API keys are read/written, or (c) suggest a sanitized test plan to run this safely in a VM or disposable environment.Like a lobster shell, security has layers — review code before you run it.
latestvk974kwdek569535m02cx6m67x980ejye
License
MIT-0
Free to use, modify, and redistribute. No attribution required.