Download-video-tiktok
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches a TikTok downloader, but it can use browser/session cookies for restricted content and can auto-install an unpinned package into the Python environment.
Install only if you are comfortable with a TikTok downloader that runs yt-dlp and writes media files locally. Avoid using browser cookies unless you explicitly want authenticated TikTok access, and do not run the helper's automatic pip install path without reviewing or pinning the dependency first.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may ask to use your logged-in TikTok browser session or cookie file, giving yt-dlp account-level access and potentially downloading content that is not public.
The skill is described as downloading from public TikTok accounts, but its troubleshooting path instructs use of local browser/session cookies for private or sign-in-required content, with no declared credential requirement or scoping guidance.
`Private account` ... `--cookies-from-browser chrome` ... `Sign in required` ... `--cookies cookies.txt`
Use this only for public or explicitly authorized content. Do not provide browser cookies unless you intentionally want account-authenticated access, and require explicit confirmation before any cookie-based run.
Running the helper can modify the Python environment and pull the latest package code from PyPI without a pinned version or a separate user approval step.
The helper script automatically installs or upgrades an unpinned external package at runtime and uses --break-system-packages, despite the skill having no install spec or declared required binary.
subprocess.run([sys.executable, "-m", "pip", "install", "-U", "yt-dlp", "--break-system-packages"], check=False)
Declare yt-dlp as an install requirement, pin or verify the version, remove automatic runtime installation, and ask the user before changing system Python packages.
The agent may over-apply the skill and suggest or perform TikTok download steps when that was not the user's intent.
The routing instruction is broader than the actual downloader purpose and could cause the agent to enter this workflow when the user only casually mentions TikTok.
Utilise ce skill dès que l'utilisateur mentionne TikTok
Invoke the skill only when the user explicitly asks to download, archive, scrape, or retrieve metadata from TikTok.
Using these options may increase the chance of violating platform restrictions or accessing content in ways the user did not intend.
The advanced documentation includes platform-friction workarounds such as rate-limit handling, custom headers, proxy use, and geo-bypass options. These are related to yt-dlp usage but should be user-directed and authorized.
`## Contournement du rate limiting` ... `# Bypass géo-restriction sans proxy` ... `yt-dlp --geo-bypass URL`
Use these options only when legally permitted, explicitly requested, and limited to content the user is authorized to access.