Tiktok Creative Testing
v1.0.0Generate a 30-variation creative testing matrix from a product URL, manual inputs, or existing hooks. Produces 5 hooks × 3 angles × 2 CTAs as ready-to-brief...
⭐ 0· 20·0 current·0 all-time
byHung Quoc To@quochungto
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (TikTok creative testing matrix) match the implementation: SKILL.md and phase files describe extracting product context, generating hooks/angles/CTAs, producing 30 variants, and saving artifacts. There are no unrelated required binaries, env vars, or external install steps that don't belong to the stated purpose.
Instruction Scope
Runtime instructions stay within the creative-testing scope (fetch product page with WebFetch, generate creative content, ask the user where confidence is low). The skill reads/writes only under campaigns/{slug}/ and will check the workspace with a command 'ls campaigns/' before writing — this is reasonable for file-safety but means the agent will list the workspace 'campaigns' directory (which could reveal other campaign files if present). The skill's allowed-tools are limited to WebFetch and AskUserQuestion, and no instructions direct data to unknown remote endpoints beyond the user-supplied URL fetched by WebFetch.
Install Mechanism
Instruction-only skill with no install spec and no code files to execute. This is low-risk: nothing is downloaded or installed.
Credentials
No environment variables, credentials, or config paths are requested. All file read/write operations are scoped to campaigns/{slug}/ as described — the requested access is proportionate to saving and loading campaign artifacts.
Persistence & Privilege
The skill persists outputs to disk (campaigns/{slug}/product_context.json and creative_matrix.md). 'always' is false and autonomous invocation is allowed by default; there is no elevated privilege like always:true. Users should expect created files to remain in the agent workspace.
Assessment
This skill appears coherent and implements exactly what it claims: fetching a product page, generating 5×3×2 creative briefs, and saving them under campaigns/{slug}/. Before installing or using it, consider: (1) avoid providing URLs with sensitive tokens or internal pages (WebFetch will request whatever URL you provide); (2) outputs and intermediate files will be written to the agent workspace under campaigns/{slug}/ — if you share that workspace or it contains other campaigns, the skill will list the campaigns/ directory when verifying paths; (3) review generated copy for compliance/legal/safety before publishing (claims like 'clinical' or medical claims must be substantiated); and (4) if you don't want files persisted, run it in a disposable workspace or delete the campaigns/{slug}/ files after use.Like a lobster shell, security has layers — review code before you run it.
latestvk973hw8rey5efq07k69ngnpkq184bvgw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.