ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tiktok Bulk Publisher

v1.2.0

批量上传和发布 TikTok 视频,支持 OAuth 2.0 授权 API,自定义标题、隐私和互动设置

0· 278·0 current·1 all-time
by@fly3094·duplicate of @fly3094/tiktok-bulk-publisher-test

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fly3094/tiktok-bulk-publisher.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Tiktok Bulk Publisher" (fly3094/tiktok-bulk-publisher) from ClawHub.
Skill page: https://clawhub.ai/fly3094/tiktok-bulk-publisher
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3, curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tiktok-bulk-publisher

ClawHub CLI

Package manager switcher

npx clawhub@latest install tiktok-bulk-publisher
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes a full-featured TikTok bulk publisher (OAuth 2.0, auto-editing, recommendations, scheduling). However, no code files are included in the bundle and the registry metadata lists no required env vars while the SKILL.md declares TIKTOK_CLIENT_KEY and TIKTOK_CLIENT_SECRET as required. That mismatch means the claimed capability is not backed by the shipped artifacts.
!
Instruction Scope
Runtime instructions tell the agent/user to run 'python3 scripts/tiktok_publisher.py --videos ... --config config.json', but no scripts/ directory or Python code are present in the skill. The instructions therefore expect local files that are not included; they do not instruct accessing unrelated system files, but they do grant broad implicit permission to run arbitrary local Python code if present.
Install Mechanism
This is an instruction-only skill with no install spec and no downloads. That minimizes installer risk — nothing is written to disk by an installer. Declaring python3 and curl as required binaries is reasonable for the described commands.
!
Credentials
The SKILL.md's internal metadata declares two required credentials (TIKTOK_CLIENT_KEY and TIKTOK_CLIENT_SECRET), which are appropriate for a TikTok API integration. However, the registry-level metadata reported 'Required env vars: none' and 'Primary credential: none', creating an inconsistency. The skill's documentation asks for sensitive OAuth client secret material but the overall package metadata does not surface that requirement.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide config or modify other skills. It permits autonomous invocation by default (platform normal), which combined with the other concerns means the agent could run local scripts if allowed — but there is no evidence of persistent privileged behavior in the package itself.
What to consider before installing
Do not provide TikTok client credentials to this skill yet. Before installing or running anything, ask the author for the missing code (scripts/tiktok_publisher.py and any dependencies) or a public source/homepage you can inspect. Confirm the registry metadata is updated to list required env vars. If you must test now, run in an isolated environment (air-gapped VM or container) and inspect any Python scripts before executing. If you cannot obtain the source, treat the skill as incomplete/untrustworthy and avoid supplying secrets.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎵 Clawdis
Binspython3, curl
latestvk97fcszargj5jv13jc73a4pnxn856k61
278downloads
0stars
3versions
Updated 22h ago
v1.2.0
MIT-0
@fly3094
latest
Download

TikTok Bulk Publisher 🎵

批量上传和发布 TikTok 视频,自动化视频发布流程。

功能特点

  • ✅ 批量上传视频
  • ✅ 自定义标题和描述
  • ✅ 隐私设置(公开/好友/私密)
  • ✅ 互动设置(评论/合拍/duet)
  • ✅ OAuth 2.0 授权
  • ✅ TikTok API 2026 版支持
  • ✅ 视频自动剪辑功能
  • ✅ 热门音乐推荐
  • ✅ 标签优化建议
  • ✅ 发布时段分析

使用方法

# 批量上传视频
python3 scripts/tiktok_publisher.py --videos ./videos/ --config config.json

# 指定发布时段
python3 scripts/tiktok_publisher.py --videos ./videos/ --schedule "18:00-22:00"

许可证

MIT

作者

fly3094

Comments

Loading comments...