Douyin Scraper
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: douyin-scraper-openclaw Version: 1.0.0 The skill is a legitimate browser automation tool designed to search and scrape video metadata from Douyin (TikTok China). It uses the 'agent-browser' utility to perform searches and extract information like titles and likes, with logic contained in SKILL.md and scripts/douyin-search.sh. No evidence of data exfiltration, credential theft, or malicious prompt injection was found; the code and instructions are consistent with the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may trigger Douyin anti-bot checks, captchas, rate limits, or account/network restrictions.
The script explicitly describes using browser automation in a way intended to work around anti-scraping controls. This matches the scraper purpose, but users should be aware of platform, account, or network-limit implications.
# 步骤 2: 使用移动端域名进行搜索 (绕过部分反爬)
Use the scraper only where permitted, avoid excessive automation, and review Douyin platform rules before using logged-in sessions or proxies.
Anyone who can read the saved auth-state file may be able to reuse the Douyin session, and the agent may access logged-in content when that state is loaded.
The skill documents saving and reloading Douyin browser authentication state. That is expected for logged-in scraping, but the file may contain session cookies or equivalent account access.
agent-browser --session douyin state save douyin-auth.json agent-browser --session douyin state load douyin-auth.json
Only save login state if needed, store `douyin-auth.json` securely, do not share it, and delete or revoke the session when finished.
Installing the skill as documented may add external executable tooling to the local environment beyond the instruction-only package itself.
The skill depends on an external globally installed browser automation package and browser installation step. This is central to the stated purpose, but it is not pinned or represented in the registry install spec.
npm install -g agent-browser agent-browser install
Verify the `agent-browser` package source and version before installing, and prefer pinned or documented dependency versions where possible.
Some documented or package-manager execution paths may fail or not match the reviewed script.
The declared npm entrypoint references `scripts/search.js`, but the provided manifest contains `scripts/douyin-search.sh` instead. This suggests a packaging or maintenance inconsistency.
"main": "scripts/search.js",
"scripts": {
"search": "node scripts/search.js"
}Confirm the intended entrypoint before relying on package scripts, and update the manifest or included files to match.