Back to skill
Skillv1.0.0
VirusTotal security
douyin-to-obsidian · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 22, 2026, 1:11 PM
- Hash
- ce08c5aea6336f8dfca47ad39a4bbbc2c02116c5abe1c189f79d99548e6680b9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: douyin-to-obsidian Version: 1.0.0 The skill bundle facilitates Douyin content extraction but exhibits high-risk behaviors, most notably the automatic download and execution of a remote FFmpeg binary from an external source (gyan.dev) within `scripts/extractor.py`. It also configures Playwright with security features disabled (`--disable-web-security`) and utilizes a hardcoded absolute file path on a specific local drive (`E:\icloud\...`) in `scripts/run_extract.py`. While these actions appear intended to support the tool's functionality, the practice of fetching and running remote artifacts and lowering browser security represents a significant security risk.
- External report
- View on VirusTotal