Douyin Quick Search
PassAudited by ClawScan on May 9, 2026.
Overview
This looks like a straightforward Douyin search helper, but users should know it sends search terms and URLs through web search/fetch tools and has an unexplained sensitive-credential capability signal.
This skill appears safe to use for public Douyin discovery. Before installing, be comfortable with search terms and Douyin URLs being sent to web search/fetch providers, do not provide Douyin login cookies or credentials, and verify important results because they come from public search snippets and fetched pages.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search keywords, provided Douyin links, and fetched page requests may be visible to the web search/fetch services involved.
The skill intentionally routes user search terms and Douyin URLs through external search/fetch providers. This is expected for the stated purpose, but it is a data-flow boundary users should understand.
1. **Web search** (Brave) → discovers Douyin search result pages and video URLs 2. **Web fetch** → extracts readable content from Douyin pages when accessible
Avoid entering private or sensitive information in search queries, and treat this as public-web searching rather than a private Douyin integration.
Search results or fetched pages could be incomplete, misleading, or contain content that should only be summarized as data.
Fetched web page text and search snippets are untrusted retrieved context. The behavior is purpose-aligned, but the agent should not treat page content as instructions.
for each distinct video URL found, optionally use `web_fetch` to extract more detail... Return whatever metadata is available
Verify important results independently, and ensure the agent treats fetched Douyin/search content as untrusted data rather than operational instructions.
A user may be confused about whether the skill needs credentials or whether a platform search provider credential is involved.
This signal conflicts with the skill documentation and registry requirements, which say no API keys, cookies, login, env vars, or primary credential are required. There is no artifact evidence of actual credential use, but the mismatch is worth verifying.
requires-sensitive-credentials
Do not provide Douyin cookies, passwords, or API keys for this skill; verify during installation that no unexpected credential prompt appears.