Douyin Search

The skill provides Douyin search functionality using Playwright, but it is classified as suspicious due to potential shell injection vulnerabilities and high-risk file access. Specifically, SKILL.md instructs the agent to execute a shell command using a keyword placeholder (`python3 scripts/douyin_search.py "<keyword>"`) without explicit sanitization instructions, which could be exploited if the agent passes unsanitized user input. Additionally, scripts/douyin_search.py attempts to access sensitive browser profile data at a hardcoded system path (/root/.openclaw/browser/openclaw/user-data), which is a high-risk behavior even if intended for session persistence.