Douyin Daily Most Influential Accounts (红狐数据)

Review

Audited by ClawScan on May 15, 2026.

Overview

The skill’s Douyin ranking/reporting purpose is coherent, but its data-fetching script disables HTTPS certificate checks, which could let network attackers tamper with rankings or report links.

Use this skill only if you trust the publisher and data source, and avoid relying on it for sensitive decisions until HTTPS certificate validation is fixed. If you enable subscriptions, confirm the schedule and know how to delete the automation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious network, proxy, or compromised connection could spoof the API response, altering rankings, report contents, or clickable account links shown to the user.

Why it was flagged

The data-fetching code includes a custom HTTPS path that disables hostname checking and certificate validation, and the surrounding code suppresses insecure-request warnings.

Skill content

context.check_hostname = False; context.verify_mode = ssl.CERT_NONE; ssl_sock = context.wrap_socket(sock, server_hostname=None)

Recommendation

Use normal HTTPS verification with SNI, remove CERT_NONE/check_hostname=False and warning suppression, and fail closed if the API certificate cannot be validated.

What this means

Opening a generated report may execute JavaScript fetched from jsDelivr; if that dependency is unavailable or compromised, the report behavior could be affected.

Why it was flagged

Generated HTML reports load a third-party CDN script to support image export.

Skill content

<script src="https://cdn.jsdelivr.net/npm/html2canvas@1.4.1/dist/html2canvas.min.js"></script>

Recommendation

Bundle the dependency locally or add integrity controls and disclose that generated reports load third-party JavaScript.

What this means

If the user subscribes, the agent may continue running scheduled ranking/report tasks and pushing reports until the automation is disabled.

Why it was flagged

The skill can create recurring scheduled tasks for ranking updates, but the artifact states this occurs after user confirmation.

Skill content

After the user confirms the subscription, use the `automation_update` tool to create the automation task

Recommendation

Make subscription schedules, recipients, and cancellation steps clear before creating the automation.