Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tiktok Bulk Publisher Test

v1.0.0

Automate bulk uploading and publishing of TikTok videos with customizable titles, privacy, comment/duet/stitch controls, and upload status checks.

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name, README, SKILL.md, and code all align with a TikTok bulk-publisher (upload, chunked upload, finalize, status). However the registry metadata claims no required environment variables or primary credential while SKILL.md and the code expect TikTok credentials (client key, secret, access token). That mismatch is unexpected and reduces transparency.
Instruction Scope
SKILL.md instructions stay within the stated purpose: they describe exporting TIKTOK_CLIENT_KEY / TIKTOK_CLIENT_SECRET / TIKTOK_ACCESS_TOKEN and running the Python script or using its Python API. The instructions don't ask the agent to read unrelated system files or exfiltrate arbitrary data.
Install Mechanism
There is no install spec (instruction-only), which is low risk. A code file (tiktok_publisher.py) and package.json are included; package.json references a GitHub repo and installation via 'npx clawhub install' but no automated installer is declared. This is not itself malicious but inconsistent and worth verifying.
Credentials
The code and SKILL.md require TikTok credentials (client key/secret and access token) — these are appropriate for the stated purpose. The concern is that the registry metadata omitted declaring any required env vars/primary credential, meaning users may not be warned by the registry about needing to supply sensitive tokens. Verify scope and origin before providing credentials.
Persistence & Privilege
The skill does not request 'always: true' or other persistent privileges, and does not attempt to modify other skills or system-wide settings. Agent autonomous invocation is allowed by default (normal).
What to consider before installing
This skill's code and SKILL.md legitimately require TikTok credentials (client key, client secret, access token), but the registry metadata does not declare them — that's a transparency/information mismatch. Before installing: (1) verify the skill source (follow the repository URL in package.json or contact the author); (2) review the included tiktok_publisher.py yourself or have someone you trust inspect it; (3) only provide short-lived or scoped test tokens (and avoid reusing production credentials); (4) run in an isolated environment (container or VM) if possible; (5) ensure tokens are revocable and grant only required scopes (video.publish, user.info.basic); and (6) if you cannot verify the author/source, decline to install or treat it as untrusted code. If you want, I can list the exact lines in tiktok_publisher.py that handle tokens and network calls for an additional review.

Like a lobster shell, security has layers — review code before you run it.

121 downloads
0 stars
1 version
MIT-0

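TikTok Bulk Publishing Skill

Overview

A bulk video publishing skill for TikTok that automates uploading and publishing TikTok video content. It supports the following features:

  • Bulk video upload to TikTok
  • Custom video titles and descriptions
  • Privacy level settings (public, visible to mutual-follow friends, visible only to yourself)
  • Comment, duet, and stitch controls
  • Chunked upload for large files (supports videos of 10MB+)
  • Publish status queries
  • OAuth 2.0 authorization flow support

Technical Requirements

  • Requires TikTok Content Posting API access
  • Requires the video.publish and user.info.basic scopes
  • Supports two upload methods: FILE_UPLOAD and PULL_FROM_URL

Usage

Environment variable configuration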

export TIKTOK_CLIENT_KEY="your_client_key"
export TIKTOK_CLIENT_SECRET="your_client_secret"
export TIKTOK_ACCESS_TOKEN="your_access_token"

Command-line usage

python tiktok_publisher.py --video /path/to/video.mp4 --title "视频标题" --privacy PUBLIC_TO_EVERYONE

Python API usage

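import os

from tiktok_publisher import TikTokPublisher

# Read the credentials exported in the environment variable configuration above
client_key = os.environ["TIKTOK_CLIENT_KEY"]
client_secret = os.environ["TIKTOK_CLIENT_SECRET"]
access_token = os.environ["TIKTOK_ACCESS_TOKEN"]

publisher = TikTokPublisher(client_key, client_secret, access_token)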
result = publisher.upload_video(
    video_path="/path/to/video.mp4",
    title="视频标题",
    privacy_level="PUBLIC_TO_EVERYONE",
    disable_comment=False,
    disable_duet=False,
    disable_stitch=False
)

if result['success']:
    print(f"发布成功: {result['video_url']}")
else:
    print(f"发布失败: {result['error']}")

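Dependencies

  • Python 3.7+
  • requests
  • pathlib

Notes

  1. Video file size limit: a single video must not exceed 500MB
  2. Video format requirement: MP4 format, H.264 encoding
  3. Title length limit: no more than 2200 characters
  4. TikTok developer account verification and app creation must be completed first
  5. Access tokens are valid for 2 hours and must be refreshed periodically

Error Handling

Common error codes:

  • missing_scope: a required API permission is missing
  • invalid_token: the access token is invalid or expired
  • video_too_large: the video file exceeds the size limit
  • invalid_video_format: the video format is not supported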