Douyin Quick Search
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: douyin-quick-search Version: 1.0.0 The skill bundle contains instructions for an AI agent to perform Douyin content searches using standard web search and fetching tools. There is no executable code, no request for sensitive permissions, and no evidence of malicious prompt injection or data exfiltration in files like skill.md or skill.json.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search keywords, provided Douyin links, and fetched page requests may be visible to the web search/fetch services involved.
The skill intentionally routes user search terms and Douyin URLs through external search/fetch providers. This is expected for the stated purpose, but it is a data-flow boundary users should understand.
1. **Web search** (Brave) → discovers Douyin search result pages and video URLs 2. **Web fetch** → extracts readable content from Douyin pages when accessible
Avoid entering private or sensitive information in search queries, and treat this as public-web searching rather than a private Douyin integration.
Search results or fetched pages could be incomplete, misleading, or contain content that should only be summarized as data.
Fetched web page text and search snippets are untrusted retrieved context. The behavior is purpose-aligned, but the agent should not treat page content as instructions.
for each distinct video URL found, optionally use `web_fetch` to extract more detail... Return whatever metadata is available
Verify important results independently, and ensure the agent treats fetched Douyin/search content as untrusted data rather than operational instructions.
A user may be confused about whether the skill needs credentials or whether a platform search provider credential is involved.
This signal conflicts with the skill documentation and registry requirements, which say no API keys, cookies, login, env vars, or primary credential are required. There is no artifact evidence of actual credential use, but the mismatch is worth verifying.
requires-sensitive-credentials
Do not provide Douyin cookies, passwords, or API keys for this skill; verify during installation that no unexpected credential prompt appears.