Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
douyin-analyse-batch
v1.0.2抖音每日自动热榜日报生成与邮件推送。当用户说"抖音日报"、"发送邮件报告"、"自动分析抖音"、"定时推送抖音"或需要"生成抖音视频分析报告"时使用此技能。自动获取热榜 TOP15 → OpenClaw LLM 分析 → Word 文档输出 → 邮件定时发送至指定收件人。本技能包含完整依赖(douyin-video...
⭐ 0· 37·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidencePurpose & Capability
The code and dependencies (hot-trend fetcher, video downloader, transcription/MCP server, analysis pipeline, email sender) are consistent with producing an automated Douyin daily report. However the registry metadata claims no required env vars/configs, yet the skill clearly needs SMTP credentials, a TikHub token, and third-party transcription API keys — a mismatch between declared requirements and actual capabilities.
Instruction Scope
SKILL.md instructs the agent to create .env, write/read ~/.openclaw/config.json (TikHub token), run a root-path setup script (/root/.openclaw/...), and install cron jobs. The runtime instructions reference local file paths and config files that were not declared in the skill metadata and grant the skill broad discretion to create scheduled tasks and write to platform config — more scope than the registry claims.
Install Mechanism
There is no formal install spec in the registry (the skill is treated as instruction-only) but the package contains many scripts (setup_douyin_daily_report.sh, run_daily_digest.py, MCP server code) that will create virtualenvs, pip-install dependencies, and configure cron. The bundled code itself is local (no suspicious arbitrary download URLs), but running the included setup script will perform system changes; lack of an explicit registry install step is misleading.
Credentials
Registry shows 'no required env vars' yet SKILL.md and code require/expect: SMTP_USER/SMTP_PASS/SMTP_HOST/SMTP_PORT (email sending), DOUYIN_EMAIL_RECIPIENTS, TikHub token stored in ~/.openclaw/config.json, and various transcription API keys (API_KEY / DOUYIN_API_KEY / dashscope/siliconflow keys). Those are sensitive credentials unrelated to the registry declaration and are proportionally significant for a 'report' skill.
Persistence & Privilege
The setup script configures cron jobs (scheduled execution at 08:00 and 16:00) and SKILL.md instructs writing tokens into ~/.openclaw/config.json — both are persistent changes outside the skill directory. The codebase also includes an MCP server and WebUI components which could run as a local service. While always:false, the skill requests persistent scheduling and config writes without declaring that level of privilege.
Scan Findings in Context
[unicode-control-chars] unexpected: A prompt-injection detector found unicode control characters in SKILL.md. This is not expected for a straightforward automation guide and could be an attempt to manipulate LLM behavior or the evaluation environment; inspect the SKILL.md source for hidden characters before trusting it.
What to consider before installing
Key things to consider before installing: (1) This skill will ask you to provide and store multiple sensitive credentials (email SMTP credentials, TikHub token, and transcription API keys) but the registry metadata does not declare them — treat that as a red flag. (2) The provided setup script will create a Python venv, pip-install packages, write a .env, add cron jobs and may write to ~/.openclaw/config.json; review the setup script line-by-line before running, and do not run it as root on a production machine. (3) The bundle includes a web/MCP server and video downloader/transcriber code that will make outbound network requests (TikHub, siliconflow/dashscope and Douyin), so run it in an isolated environment or sandbox (container or VM) and restrict network access if possible. (4) Use a throwaway/dedicated email account and API keys with minimal permissions and revoke them after testing. (5) If you plan to proceed, verify the exact locations where credentials are stored, find-and-review any hardcoded IDs/hosts (e.g., chat_id in cron-job.js), and remove or disable any cron/web-server steps you don't want. (6) If the author cannot or will not update the registry metadata to declare required env vars/config paths and provide an explicit install spec, treat the package as untrusted.dependencies/douyin-hot-trend/cron-job.js:16
Shell command execution detected (child_process).
dependencies/douyin-hot-trend/scripts/get-hot-trend.js:16
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk973vx63b1bbhakzyjcn604wex84vyye
License
MIT-0
Free to use, modify, and redistribute. No attribution required.