ClawHub

抖音下载器-douyin_downloader

v1.0.0

最稳定的抖音视频下载工具,用户提供抖音链接或modal_id即可自动解析并下载。

12· 4.4k·43 current·45 all-time
by@valderwu3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name/description match the included Python script: it uses TikHub's API to resolve a modal_id and then downloads a Douyin video. However, the registry metadata declares no required credentials or config, while the SKILL.md and the script explicitly require a TikHub API token stored in ~/.openclaw/config.json. The missing declaration of that credential is an incoherence.
Instruction Scope
SKILL.md stays on-task (how to trigger the skill and how to provide modal_id/link, and where to put the TikHub token). The runtime instructions and script only read ~/.openclaw/config.json for the token and perform network requests to TikHub and Douyin to resolve and download video content—no other local files or broad system access are requested.
Install Mechanism
There is no install spec (instruction-only skill) and the provided Python script is straightforward. No third-party downloads or archive extraction are performed by an installer. The script uses the requests library, which assumes a Python environment with that dependency available.
!
Credentials
The skill requires a TikHub API token (stored in ~/.openclaw/config.json) but the registry metadata lists no required environment variables or credentials. Requesting a token stored in the user's home config is reasonable for the task, but the omission in metadata and absence of a declared primary credential reduce transparency and are disproportionate to what's advertised.
Persistence & Privilege
The skill does not request always:true and does not modify system-wide settings. It only reads a single config file in the user's home and writes downloaded video files to the current working directory; no evidence of elevated or persistent privileges beyond that.
What to consider before installing
This skill largely does what it claims (resolve a modal_id via TikHub and download the video), but note these points before installing: - SKILL.md and the script require you to store a TikHub API token in ~/.openclaw/config.json, yet the registry metadata does not declare any required credentials—this mismatch reduces transparency. - The skill sends your modal_id and the token to https://api.tikhub.io and then downloads content from Douyin. Only provide a token if you trust TikHub and its privacy policy. Consider creating a limited or disposable token if possible. - The publisher has no homepage and an unknown owner ID; prefer skills with clear provenance. If you still want to use it, run it in a sandbox, inspect network traffic, or review the included script (which, in this case, is short and readable) to confirm behavior. - If you need full assurance, ask the author to update the registry metadata to declare the required credential and provide a homepage/source repository, or choose a downloader from a trusted source.

Like a lobster shell, security has layers — review code before you run it.

latestvk972d030cwkr9x28ghq4j1bwen817m70

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments