Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Browser Douyin Post

v1.0.0

Automate uploading local images or videos with a title to Douyin creator platform using Chrome with remote debugging and active login.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dream007007s/browser-douyin-post.

Install the skill "Browser Douyin Post" (dream007007s/browser-douyin-post) from ClawHub.
Skill page: https://clawhub.ai/dream007007s/browser-douyin-post
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install browser-douyin-post

ClawHub CLI

npx clawhub@latest install browser-douyin-post

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill's name and description (upload local images/videos to Douyin via a logged-in Chrome) align with the runtime instructions. However the SKILL.md hardcodes user-specific paths (e.g., C:\Users\wenxi\...) and an OpenClaw temp uploads directory, which is inconsistent with a generic published skill and suggests it was authored for a single user's environment.
! Instruction Scope
The instructions tell the agent to run filesystem operations (PowerShell Copy-Item) and to upload arbitrary local files from user-supplied locations. They also instruct broad browser control (tab enumeration, clicking arbitrary refs, JS evaluate to change location). Together these allow the skill to access/transfer arbitrary local files and to fully drive the logged-in browser session — behavior that is more powerful than a simple 'upload this image' helper and could be misused if not limited to the intended file(s).
Install Mechanism
No install spec or code files are present; this is an instruction-only skill, so nothing is written to disk by an install step. That lowers installation risk.
! Credentials
The skill requests no environment variables or explicit credentials, which is fine. But it requires Chrome to be started with --remote-debugging-port=9222 and assumes a logged-in Douyin session; remote debugging grants programmatic access to the browser and its authenticated sessions (cookies/localStorage). Combined with its filesystem operations, this provides capabilities beyond the minimal need to upload a single file and could expose sensitive data or other accounts accessible in that browser profile.
Persistence & Privilege
always is false and the skill is not requesting persistent system configuration — good. Autonomous invocation (default) is allowed; while normal, autonomous runs combined with remote-debugging/browser-control raise the blast radius. The skill does not modify other skills or system-wide settings in its instructions.
What to consider before installing
This skill appears to do what it says (automate Douyin uploads) but has concerning details you should address before installing or using it:

  • The SKILL.md uses hardcoded Windows paths with username 'wenxi'. Update those paths to match your environment or ensure the skill asks you for the file path each time. Do not leave hardcoded paths in a shared/automated context.
  • The skill requires Chrome with --remote-debugging-port=9222. Enabling remote debugging gives the controlling process access to your active browser session (cookies, logged-in accounts). Only enable it in a controlled environment and preferably a separate browser profile without other accounts or sensitive data.
  • The instructions perform local file copy and upload arbitrary files. Only point the skill to files you explicitly intend to publish; test with non-sensitive dummy files first.
  • Because the skill controls the browser (tab enumeration, clicks, JS evaluation), review and, if possible, limit which pages and UI elements it interacts with to reduce the chance of unintended actions.
  • The skill has no author/homepage and was authored for a single user setup; prefer skills from known, trusted sources or request the author to generalize the paths and document expected inputs.

If you still want to use it: run it in a sandboxed environment (separate browser profile, non-sensitive test account), correct the path assumptions, and verify behavior step-by-step rather than allowing fully autonomous runs initially.
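
The concerns listed above can be checked mechanically before a skill is installed. The following is an added example, not ClawHub's or OpenClaw's scanner and not part of the skill: a small Python audit that flags the patterns the scan names in SKILL.md text. The rule names, `audit_skill`, `summarize` and the sample excerpt (constructed from lines of the SKILL.md shown on this page, plus one parameterized line for contrast) are assumptions of this example.

```python
import re

# Rules mirror the scan findings above; the rule names are this example's own.
RULES = [
    # A concrete user name under C:\Users\ (placeholders like <user>, %VAR%, $var are skipped)
    ("hardcoded-user-path",
     re.compile(r"[A-Za-z]:\\{1,2}Users\\{1,2}(?![<%$])([^\\\s\"']+)")),
    # Chrome started with DevTools remote debugging exposed
    ("remote-debugging", re.compile(r"--remote-debugging-port(?:=(\d+))?")),
    # Arbitrary JavaScript evaluated in the attached tab
    ("js-evaluate", re.compile(r"kind=\"evaluate\"")),
    # Local filesystem copy performed by the agent
    ("local-file-copy", re.compile(r"\bCopy-Item\b", re.IGNORECASE)),
    # Attaches to the user's real, logged-in browser profile
    ("user-browser-profile", re.compile(r"profile=\"user\"")),
]

def audit_skill(text):
    """Return (line_number, rule_name, detail) for every rule hit in SKILL.md text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                detail = m.group(1) if m.lastindex else m.group(0)
                findings.append((lineno, name, detail))
    return findings

def summarize(findings):
    """Group findings by rule: which lines matched and the distinct details seen."""
    summary = {}
    for lineno, name, detail in findings:
        entry = summary.setdefault(name, {"lines": [], "details": set()})
        entry["lines"].append(lineno)
        entry["details"].add(detail)
    return summary

# Constructed sample: four lines from the SKILL.md on this page, then one
# parameterized Copy-Item line that should NOT trip the hardcoded-path rule.
SAMPLE = r'''
& "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222
browser(action="act", kind="evaluate", target="host", profile="user", fn="window.location.href = 'https://creator.douyin.com'")
Copy-Item "<image_path>" "C:\Users\wenxi\AppData\Local\Temp\openclaw\uploads\douyin-post.png" -Force
browser(action="upload", target="host", profile="user", inputRef="3_10", paths=["C:\\Users\\wenxi\\AppData\\Local\\Temp\\openclaw\\uploads\\douyin-post.png"])
Copy-Item "<image_path>" "$env:TEMP\openclaw\uploads\douyin-post.png" -Force
'''.strip()

if __name__ == "__main__":
    for rule, hit in sorted(summarize(audit_skill(SAMPLE)).items()):
        print(f"{rule}: lines {hit['lines']} -> {sorted(hit['details'])}")
```

A hit is a prompt for manual review of that line, not a verdict; a skill can legitimately need any one of these capabilities.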

Like a lobster shell, security has layers — review code before you run it.

latest vk97ccy8khdexgesxw2qve1b2eh85eeng
54 downloads
0 stars
1 versions
Updated 3d ago
v1.0.0
MIT-0

Browser Douyin Post

Publish images or videos to Douyin (抖音) creator platform via browser automation.

Workflow

Step 1: Connect to Chrome

browser(action="start", profile="user", target="host")

If this fails with an "attachOnly" error, Chrome is not running with a debugging port. Ask the user to run:

& "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222

Step 2: Navigate to Douyin Creator Platform

Use a free tab (e.g., Tab 2) and navigate via JavaScript evaluation, since the navigate action requires the openclaw profile:

// First check tabs
browser(action="tabs", profile="user", target="host")

// Focus a free tab
browser(action="focus", targetId="<free_tab_id>", profile="user", target="host")

// Then use JS to navigate (avoids SSRF blocks on navigate action)
browser(action="act", kind="evaluate", target="host", profile="user", fn="window.location.href = 'https://creator.douyin.com'")

Or if Douyin tab already exists, just focus it.

Step 3: Go to Image Upload Page

Once on creator.douyin.com:

  1. Click the "高清发布" / "发布图文" menu button (ref 1_2)
  2. Click "发布图文" menuitem

Step 4: Upload Image

The upload input (ref 3_10) only accepts files from C:\Users\wenxi\AppData\Local\Temp\openclaw\uploads\.

First copy the image to the uploads directory:

Copy-Item "<image_path>" "C:\Users\wenxi\AppData\Local\Temp\openclaw\uploads\douyin-post.png" -Force

Then upload:

browser(action="upload", target="host", profile="user", inputRef="3_10", paths=["C:\\Users\\wenxi\\AppData\\Local\\Temp\\openclaw\\uploads\\douyin-post.png"])

Step 5: Fill in Title

Find the title textbox (ref 4_2) and type the title. Note: the title has a 20-character limit.

browser(action="act", kind="click", ref="4_2", profile="user", target="host")
browser(action="act", kind="press", ref="4_2", profile="user", target="host", key="Control+a")
browser(action="act", kind="type", ref="4_2", text="<title>", profile="user", target="host")

Step 6: Add Description (Optional)

The description textbox (statictext "添加作品描述...") may not have a clickable ref. If available, click it and type description. If not, skip — the title alone is enough.

Step 7: Click Publish

Click the "发布" button (ref 4_65):

browser(action="act", kind="click", ref="4_65", profile="user", target="host")

Step 8: Verify

After clicking publish, wait 5 seconds and take a snapshot to confirm the post appears in the "作品管理" list.

Complete Example

Publishing an AI-generated image to Douyin:

=== User Request ===
Publish image to Douyin: C:\Users\wenxi\.openclaw\media\tool-image-generation\old-photo.png
Title: 时光记忆

=== Assistant Actions ===

// 1. Connect browser
browser(action="start", profile="user", target="host")

// 2. Check tabs and focus a free tab, then navigate to Douyin
browser(action="focus", targetId="2", profile="user", target="host")
// (use evaluate JS to set window.location.href since navigate is blocked)

// 3. Click 高清发布 > 发布图文
browser(action="act", kind="click", ref="1_2", profile="user", target="host")
browser(action="act", kind="click", ref="2_25", profile="user", target="host")

// 4. Copy image to uploads dir
Copy-Item "C:\Users\wenxi\.openclaw\media\tool-image-generation\old-photo.png" "C:\Users\wenxi\AppData\Local\Temp\openclaw\uploads\douyin-post.png" -Force

// 5. Upload
browser(action="upload", target="host", profile="user", inputRef="3_10", paths=["C:\\Users\\wenxi\\AppData\\Local\\Temp\\openclaw\\uploads\\douyin-post.png"])

// 6. Fill title
browser(action="act", kind="click", ref="4_2", profile="user", target="host")
browser(action="act", kind="press", ref="4_2", profile="user", target="host", key="Control+a")
browser(action="act", kind="type", ref="4_2", text="时光记忆", profile="user", target="host")

// 7. Publish
browser(action="act", kind="click", ref="4_65", profile="user", target="host")

// 8. Wait and verify
Start-Sleep -Seconds 5
browser(action="snapshot", profile="user", target="host")

Common Issues

  • "upload requires ref or inputRef": You must use the inputRef parameter (not ref) when uploading to an existing-session browser
  • "must stay within uploads directory": Copy the file to C:\Users\wenxi\AppData\Local\Temp\openclaw\uploads\ first
  • "navigate blocked by SSRF": Use act + evaluate with window.location.href instead of the navigate action
  • Description textbox has no ref: Skip the description if a ref is not available; the title alone is sufficient
  • Title character limit: The Douyin title is limited to 20 characters
  • Not logged in: The user must be logged into the Douyin creator platform before running this skill
