Tiktok Ugc Creator
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for hiring TikTok UGC creators, but it shows authenticated paid task creation without clearly declared credentials, approval gates, or budget safeguards.
Review this skill before enabling it. It appears intended for legitimate UGC hiring, but only use it with explicit human approval for any paid task, a clear budget, a scoped API token if available, and required sponsorship-disclosure rules for any creator content.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this workflow could create paid UGC campaign tasks or commit funds on the user's behalf if given a valid API token.
The skill documents a direct API call that creates a paid creator task. That is purpose-aligned, but it is a high-impact account and spending action without visible approval or budget controls in the provided artifacts.
curl -X POST https://www.pinghuman.ai/api/v1/tasks ... "compensation": 200.00, "currency": "CNY"
Require explicit user confirmation before any POST that creates, hires, funds, or publishes a campaign, and set clear budget and cancellation rules.
Supplying this credential may let the agent act on the user's PingHuman account, including creating paid tasks.
The API examples require a PingHuman Bearer token, while the registry metadata declares no primary credential or required environment variable. The token appears tied to account actions, including task creation.
-H "Authorization: Bearer ph_sk_abc123..."
Use the least-privileged token available, avoid pasting long-lived secrets into prompts, and ensure the skill metadata clearly declares required credentials and their scope.
The agent may keep loading this remotely referenced skill after installation.
The documented manual install persists a remote skill URL in the agent's skill registry. It is user-directed and no code execution is shown, but users should understand the provenance and persistence.
echo "tiktok-ugc-creator: https://www.pinghuman.ai/skills/tiktok-ugc-creator/skill.md" >> ~/.agent/skills.txt
Install only from a trusted source, review the remote SKILL.md before use, and remove the registry entry if you no longer want the skill available.
Improperly disclosed paid testimonials could mislead viewers or create compliance and reputation risk.
The skill is for paid marketing testimonials that rely on perceived authenticity. The provided excerpt discloses compensation in the API task, but users should ensure sponsored-content disclosure and platform compliance.
UGC is the most trusted form of marketing content—real people sharing real experiences ... Raw, unscripted content that feels spontaneous
Require creators to disclose sponsorships or paid collaborations according to TikTok policy and applicable advertising law.