Scavio Tiktok
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: scavio-tiktok Version: 1.0.2 The skill is a legitimate API wrapper for the Scavio TikTok service (api.scavio.dev), providing structured instructions for an AI agent to perform social media research. It includes clear documentation for eleven endpoints, proper error handling, and helpful guardrails for the agent. No evidence of data exfiltration, malicious execution, or prompt injection was found in SKILL.md or _meta.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must give the agent access to a Scavio API key, which can spend API credits and act within that key's provider account permissions.
The skill requires a Scavio API key and uses it as a bearer token for provider API requests.
requires:\n env:\n - SCAVIO_API_KEY ... Authorization: Bearer $SCAVIO_API_KEY
Use a revocable key with the least available permissions, monitor usage/credits, and avoid exposing the key in prompts, logs, or shared environments.
TikTok usernames, video IDs, search keywords, hashtags, and similar query details may be sent to Scavio, and each request may consume account credits.
The skill instructs the agent to call external Scavio endpoints, including comments and social-graph lookups. This is expected for the stated purpose but is still a user-visible external action.
POST https://api.scavio.dev/api/v1/tiktok/profile ... /tiktok/video/comments ... /tiktok/user/followers ... /tiktok/user/followings
Use the skill only for intended TikTok research, review sensitive queries before running them, and consider Scavio's privacy, quota, and acceptable-use terms.