ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

zc-douyin-xiazai-txt

v1.0.0

抖音无水印视频下载与文案提取工具,使用本地 ffmpeg 与 Whisper 完成下载、音频提取和文字转写,可选语义分段。

0· 49·0 current·0 all-time
by张翀@openclawzhangchong

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for openclawzhangchong/zc-douyin-xiazai-txt.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "zc-douyin-xiazai-txt" (openclawzhangchong/zc-douyin-xiazai-txt) from ClawHub.
Skill page: https://clawhub.ai/openclawzhangchong/zc-douyin-xiazai-txt
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: ffmpeg, whisper
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install zc-douyin-xiazai-txt

ClawHub CLI

Package manager switcher

npx clawhub@latest install zc-douyin-xiazai-txt
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description claim: download Douyin no-watermark videos and transcribe with local ffmpeg + Whisper. The code does implement downloading, ffmpeg audio extraction, and Whisper transcription, so purpose is generally aligned. However, the implementation requires very specific local paths (hardcoded C:\Users\Administrator\ffmpeg-8.1-full_build\bin\ffmpeg.exe and default download folder under C:\Users\Administrator) and assumes Windows Administrator environment, which is disproportionate to the stated cross-platform purpose and not reflected in the registry metadata or generic 'requires: ffmpeg, whisper'. Usage examples in SKILL.md also reference inconsistent skill folder names (e.g., zc_douyin-download-local vs zc_douyin_xiazai_txt), indicating sloppy packaging.
!
Instruction Scope
SKILL.md gives commands to run the included douyin.js and describes local ffmpeg/whisper use. The code accesses the network (fetching share pages and video URLs) which is expected, and writes files to disk (downloads, audio, transcripts). Concerns: the script uses absolute, privileged-looking filesystem locations (Administrator home paths) and hardcoded ffmpeg binary locations rather than the generic 'ffmpeg' on PATH, so running it may read/write/create files in Administrator-owned directories unexpectedly. The SKILL.md and code both reference official Douyin domains (iesdouyin.com / aweme.snssdk.com) only; there is no other outbound exfiltration endpoint in the visible code.
Install Mechanism
This is instruction-only with a bundled douyin.js file and no install spec — lowest install risk. No third-party downloads or installers are invoked by an install step. The script itself spawns external binaries (ffmpeg, whisper) but does not pull code from arbitrary URLs during installation.
!
Credentials
The skill declares no required env vars or credentials (which is appropriate), but the code hardcodes platform- and user-specific filesystem paths (C:\Users\Administrator\...) and absolute ffmpeg binary locations. That is disproportionate: a downloader/transcriber should accept configurable paths or use binaries on PATH rather than assume an Administrator layout. There are no credential-exfiltration patterns or secret reads, but the hardcoded paths could cause unexpected file access or overwrite in an Administrator account.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system-wide changes. It does write outputs to disk (downloads, audio, transcripts) within its workspace; this is expected for the stated purpose and within its own scope.
What to consider before installing
This skill mostly does what its description says, but it has multiple red flags you should consider before installing or running it: (1) The code assumes Windows and an Administrator user (hardcoded C:\Users\Administrator paths and a hardcoded ffmpeg executable). If your machine is different, the script may fail or write files in unexpected places. (2) SKILL.md examples reference inconsistent skill folder names — packaging looks sloppy; review the douyin.js file yourself before running. (3) Prefer versions that call 'ffmpeg' and 'whisper' from PATH or allow configuring binary and output paths; if you proceed, run in a controlled directory (not as Administrator), inspect/change the hardcoded paths to safe locations, and verify external network calls are only to expected Douyin endpoints. If you need higher assurance, ask the author to remove hardcoded Administrator paths, add configurable paths, and fix the usage documentation inconsistency.
douyin.js:121
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎵 Clawdis
Binsffmpeg, whisper
latestvk9784tf94cv855mxakab5nswc185hfs0
49downloads
0stars
1versions
Updated 2d ago
v1.0.0
MIT-0
张翀@openclawzhangchong
latest
Download

Douyin Download & Transcript Skill

功能概述

  • 获取无水印视频链接:解析抖音分享链接或 modal_id
  • 下载视频:保存至指定目录。
  • 提取音频:使用 ffmpeg 转为 16kHz 单声道 PCM WAV(符合 Whisper 要求)。
  • 语音转写:调用本地 Whisper(默认 base 模型)生成文字稿。
  • 可选语义分段:使用 OpenClaw 内置 LLM 对转写文本进行分段,提升可读性。

环境依赖

  • ffmpeg(已在脚本中使用绝对路径)。
  • whisper(通过 pip install -U openai-whisper 安装)。
  • Node.js(用于执行 douyin.js)。

确保上述工具可在系统上运行, ffmpeg -versionwhisper --version 应返回版本信息。

使用方法(Windows CMD / PowerShell)

1. 获取视频信息

node "%USERPROFILE%\.openclaw\skills\zc_douyin_xiazai_txt\douyin.js" info "<抖音分享链接或 modal_id>"

2. 下载视频

node "%USERPROFILE%\.openclaw\skills\douyin-download-local\douyin.js" download "<链接或 modal_id>" -o "C:\\Temp\\douyin-download"

目录不存在时会自动创建。

3. 提取文案(默认语义分段)

node "%USERPROFILE%\.openclaw\skills\douyin-download-local\douyin.js" extract "<链接或 modal_id>"

此命令会下载视频、提取音频、使用 Whisper 转写并进行语义分段,结果保存在 outputs/douyin/<video_id>/transcript.md

4. 仅转写(不分段)

node "%USERPROFILE%\.openclaw\skills\douyin-download-local\douyin.js" extract "<链接或 modal_id>" --no-segment

常见问题

  • Node 未识别:请确认已安装 Node.js 并加入系统 PATH。
  • whisper 未识别:请使用 pip install -U openai-whisper 安装,并确保 Python Scripts 目录在 PATH 中。
  • 下载失败:检查链接完整性、网络通畅以及目标目录写入权限。

注意事项

  • 本工具仅用于个人学习、研究,勿用于商业或侵权用途,遵守抖音平台规则。
  • 如平台接口更新导致解析失败,请更新技能或手动修复。
  • Whisper 转写质量受音频清晰度影响,可能出现误差。

声明:技能中使用的 https://aweme.snssdk.com 链接不是私人网站,是抖音官方的服务域名,属于字节跳动旗下,主要用于抖音 App 的接口、授权、数据请求等服务。本次使用该链接仅用于解析下载无水印视频,不进行其他任何操作。

Comments

Loading comments...