Scavio Tiktok
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must give the agent access to a Scavio API key, which can spend API credits and act within that key's provider account permissions.
The skill requires a Scavio API key and uses it as a bearer token for provider API requests.
requires:\n env:\n - SCAVIO_API_KEY ... Authorization: Bearer $SCAVIO_API_KEY
Use a revocable key with the least available permissions, monitor usage/credits, and avoid exposing the key in prompts, logs, or shared environments.
TikTok usernames, video IDs, search keywords, hashtags, and similar query details may be sent to Scavio, and each request may consume account credits.
The skill instructs the agent to call external Scavio endpoints, including comments and social-graph lookups. This is expected for the stated purpose but is still a user-visible external action.
POST https://api.scavio.dev/api/v1/tiktok/profile ... /tiktok/video/comments ... /tiktok/user/followers ... /tiktok/user/followings
Use the skill only for intended TikTok research, review sensitive queries before running them, and consider Scavio's privacy, quota, and acceptable-use terms.