Downloader tiktok videos
PassAudited by ClawScan on May 10, 2026.
Overview
This is a transparent yt-dlp-based TikTok downloader, with disclosed but important cautions around local tool installation, file downloads, and optional browser/session cookies.
Install this only if you are comfortable running yt-dlp/ffmpeg locally. Confirm the TikTok target, number of videos, and output folder before running it, and avoid cookie options unless they are truly needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent might propose a TikTok-download workflow when you only mentioned TikTok casually.
The invocation guidance is broader than a clear download request and could cause the agent to select the skill for incidental TikTok mentions unless it confirms intent.
Use this skill whenever the user mentions TikTok, a @username, "download a TikTok video", ... or any request to download/extract content from TikTok.
Use the skill when you explicitly want TikTok metadata or downloads, and confirm the target, count, and output path before running commands.
Running the skill can download files to your machine and contact TikTok or other URLs passed to yt-dlp.
The skill runs a local yt-dlp subprocess to fetch metadata and download media. This is expected for the purpose and does not use a shell string, but it still performs network access and file creation.
cmd = ["yt-dlp", "--playlist-items", f"1-{count}", ... "--output", template, ...]
result = subprocess.run(cmd)Confirm the profile or video URL, number of videos, and output folder before allowing the command to run.
If you use cookie options, the download process may access authenticated TikTok session data; mishandled cookie files can act like passwords.
The script can optionally pass a cookies file or browser cookies to yt-dlp. This is disclosed and user-controlled, but those cookies can contain active TikTok session tokens.
cmd += ["--cookies", cookies] ... cmd += ["--cookies-from-browser", cookies_from_browser]
Use cookies only when necessary, keep cookie files private, avoid sharing command logs that reveal paths or credentials, and delete exported cookies when finished.
Installing or updating yt-dlp or ffmpeg can change your local environment and depends on external package sources.
The setup guidance asks the user to install or update an unpinned external package, including a system-Python option. The documentation warns that this modifies the host environment.
pip install -U yt-dlp --break-system-packages # Linux system Python # or pip install -U yt-dlp
Prefer a virtual environment or trusted package manager, review the package source, and avoid system-wide installs unless you understand the impact.