ClawHub

TikTok Page

v1.0.4

TikTok manager: post videos, list content & check account stats. Requires: powershell/pwsh. Reads ~/.config/tiktok-page/credentials.json (TIKTOK_ACCESS_TOKEN...

0· 698·7 current·7 all-time
byseph@seph1709
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (TikTok manager) match the runtime instructions: all examples use PowerShell to call TikTok endpoints and require OAuth credentials stored at ~/.config/tiktok-page/credentials.json. Requesting PowerShell/pwsh is proportionate.
Instruction Scope
SKILL.md only instructs reading the declared credentials file, refreshing tokens, and calling open.tiktokapis.com endpoints. It does not reference other system files, unrelated env vars, or external endpoints. It explicitly advises restricting file permissions and not forwarding secrets.
Install Mechanism
This is instruction-only (no install spec, no downloads, no code files). That minimizes disk execution risk and is appropriate for the described purpose.
Credentials
No extra environment variables are required; the skill expects a single credentials JSON file with the OAuth tokens and client keys/secrets. Requesting those fields is proportionate for a TikTok API client. Note: TIKTOK_CLIENT_SECRET and refresh tokens are sensitive and the docs correctly call that out.
Persistence & Privilege
always is false and the skill does not request persistent or elevated agent-wide privileges or modify other skills. Autonomous invocation is allowed by default (not flagged alone) and the skill’s behavior is limited to its stated scope.
Assessment
This skill appears coherent and limited to TikTok API operations, but before installing: (1) confirm you trust the skill owner since it will read OAuth tokens from ~/.config/tiktok-page/credentials.json; (2) store tokens/Client Secret securely and follow the recommended file-permission changes; (3) grant the app only the minimum TikTok scopes needed; (4) rotate secrets immediately if the host is compromised; and (5) be aware the agent can invoke the skill autonomously by default — limit access to sensitive hosts/accounts if you’re unsure.

Like a lobster shell, security has layers — review code before you run it.

latestvk971xcb34bgj5p8vac4cb9nj9s822tqk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

[tt] Clawdis
Any binpowershell, pwsh

Comments