Douyin Search Keywords

Pass

Audited by ClawScan on May 11, 2026.

Overview

This appears to be a coherent Douyin public-data analysis tool, but it sends search/profile requests and an API token to a third-party backend and stores result logs locally.

This skill is reasonable to use if you trust the guaikei.com-backed service and are comfortable obtaining and using its API token. Avoid submitting sensitive research terms or private monitoring targets, protect the GUAIKEI_API_TOKEN, and periodically clear the local logs if the saved results should not persist.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Search keywords and related request parameters are transmitted to the provider backend, so they should not be treated as purely local.

Why it was flagged

The skill sends the user's keyword search parameters to an API endpoint to create a Douyin search task, which is expected for this API-backed analytics purpose.

Skill content

const data = { keyword, sort_type: sort, publish_time: time, limit: limit }; ... "/api/douyin/general-search/keyword"

Recommendation

Only submit keywords, profile URLs, or monitoring targets you are comfortable sharing with the API provider.

What this means

The token may authorize API usage or quota, so exposure could let someone else use the service as you.

Why it was flagged

The configured GUAIKEI_API_TOKEN is included in API requests; this is purpose-aligned credential use, not evidence of unrelated credential access.

Skill content

const res = await getJson("/api/douyin/hot-search", { _: Date.now(), token: token });

Recommendation

Use a dedicated token for this skill, keep it out of chats and logs, and rotate it if you suspect it was exposed.

What this means

It may be harder to verify who operates the skill and backend service before trusting it with API tokens and query data.

Why it was flagged

The package source and project homepage are not identified in the registry metadata, which limits independent provenance checking even though the provided source files are readable and contain no install-time execution.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you trust the listed owner/provider and can verify the token acquisition channel.

What this means

Your retrieved Douyin results, searched keywords, and monitored account identifiers may remain on disk after use.

Why it was flagged

Search and post results are persisted to a local logs directory, matching the documentation but creating retained local artifacts.

Skill content

path.join(path.dirname(__filename), "..", "..", "logs", safeFilename); ... await fs.promises.writeFile(outputFilename, content);

Recommendation

Review or delete the logs directory if the searches or monitoring targets are sensitive.