TikTok Page

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a disclosed TikTok API helper, but installing it means giving the agent OAuth access that can read stats and publish videos to your TikTok account.

Install only if you are comfortable letting the agent use TikTok OAuth credentials for this account. Use the minimum TikTok scopes needed, protect ~/.config/tiktok-page/credentials.json, and manually confirm any publishing action before allowing it to run.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked with valid credentials, the agent can post videos to the connected TikTok account.

Why it was flagged

The skill includes a documented ability to publish videos through the TikTok API. This matches the stated TikTok manager purpose, but publishing public content is a high-impact action.

Skill content

| Publish video from URL | POST | /post/publish/video/init/ with PULL_FROM_URL |

Recommendation

Only grant the TikTok scopes you need, and require manual review of the video, caption, account, and publish action before posting.

What this means

Anyone or anything with access to this file could potentially use or refresh TikTok account access until the credentials are revoked or rotated.

Why it was flagged

The skill uses a local credential file containing TikTok OAuth tokens and app credentials. This is disclosed and expected for the integration, but these credentials can authorize account actions.

Skill content

"path": "~/.config/tiktok-page/credentials.json", "fields": ["TIKTOK_ACCESS_TOKEN", "TIKTOK_REFRESH_TOKEN", "TIKTOK_CLIENT_KEY", "TIKTOK_CLIENT_SECRET", "TIKTOK_OPEN_ID"], "sensitive": true

Recommendation

Store the file with restrictive permissions, avoid sharing or committing it, grant minimal OAuth scopes, and rotate/revoke the credentials if the machine or file may be exposed.