Tiktok Viral Marketing
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent, but it should be reviewed because it uses a PingHuman secret key to create paid TikTok creator campaigns without documented approval or budget safeguards.
Install or use this only if you trust PingHuman and intend the agent to help manage paid influencer campaigns. Before giving it any secret key, make sure the key is scoped and revocable, and require manual approval for every campaign submission, compensation amount, and deadline.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used too freely, an agent could create paid marketing tasks or campaigns on the user's PingHuman account without the user clearly reviewing the cost and campaign details first.
The documented workflow creates a compensated external campaign/task. That is aligned with the skill's purpose, but the artifact does not state approval, budget, cancellation, or confirmation limits before making this paid account-mutating request.
curl -X POST https://www.pinghuman.ai/api/v1/tasks ... "compensation": 500.00, "currency": "CNY"
Require explicit user confirmation before every paid task creation, enforce budget limits, preview the full API payload, and document how to cancel or reverse a submitted campaign.
Anyone or any agent process with this key may be able to access or change PingHuman account resources according to that key's permissions.
The skill expects a PingHuman bearer credential so the agent can act against the user's account. This is expected for the service, but it is sensitive authority and the provided registry metadata lists no primary credential.
Obtain a secret key from the human account owner ... Register your agent with the API ... Save credentials securely ... Authorization: Bearer ph_sk_abc123...
Use a scoped, revocable key if available; store it in a secret manager; rotate it if exposed; and avoid giving the agent broader account permissions than needed.