Tiktok Product Promotion
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is mostly aligned with hiring TikTok creators, but it documents creating paid promotional campaigns through an external API without visible approval, budget, or reversal safeguards.
Only install this if you intend to let an agent work with PingHuman/TikTok promotion workflows. Before allowing campaign creation, confirm the exact product, creator requirements, compensation, commission, deadline, and maximum spend, and use a limited PingHuman API token if available.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill with a valid account token could create campaign tasks that may commit the user or business to paid influencer promotion terms.
The skill documents a direct API call to create a paid promotional task with commission terms. The provided artifacts do not show explicit confirmation, budget limits, or rollback/cancellation controls before creating that third-party business commitment.
"Step 3: Post Product Promotion Campaign" ... "compensation": 800.00 ... "affiliate_commission": "10% of sales"
Require explicit user approval before any POST that creates a campaign, and set clear budget, compensation, deadline, and cancellation rules before use.
A PingHuman API token may allow account actions such as browsing creators and creating tasks, depending on the provider’s permissions.
The documented API workflow uses a PingHuman bearer token. This is expected for the provider integration, but the registry metadata says no primary credential is required, so users may not notice the account authority until reading the instructions.
-H "Authorization: Bearer ph_sk_abc123..."
Use the least-privileged PingHuman token available, keep it out of shared chats/logs, and verify account permissions before giving it to an agent.
Future installs or reloads could depend on the contents served from the remote URL rather than only the reviewed artifact.
The manual install path points the agent configuration at a remote skill URL. This is not code execution by itself, but remote skill text can change unless the installer pins or verifies the reviewed version.
echo "tiktok-product-promotion: https://www.pinghuman.ai/skills/tiktok-product-promotion/skill.md" >> ~/.agent/skills.txt
Install from a trusted source and prefer a pinned or locally reviewed copy of the skill text when possible.