ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

douyin-publisher

v1.0.0

自动发布视频到抖音(Douyin)。 支持发布视频内容,包括标题、描述、话题标签等。

0· 284·3 current·3 all-time
by@viv888-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, requirements.txt, and scripts/publish.py all align: the skill automates Douyin uploads via Playwright. No unrelated environment variables, binaries, or network endpoints are requested; required dependency (playwright) is appropriate for browser automation.
Instruction Scope
Runtime instructions are limited to starting Playwright, navigating Douyin creator pages, uploading the provided video, filling text fields, and clicking publish. They instruct saving browser user data for login persistence and downloading video URLs to a temp folder. There is no instruction to read or exfiltrate unrelated files, but the skill will persist login/session data and write downloaded videos to ~/.openclaw/workspace/temp_videos and browser data to ~/.openclaw/browser/douyin-publisher.
Install Mechanism
No install spec in registry (instruction-only). SKILL.md correctly asks the user to pip install playwright and run playwright install chromium. These are standard and expected for Playwright-based automation; installing Playwright will download browser binaries from upstream.
Credentials
The skill declares no environment variables or credentials, which matches the implementation. It does persist login cookies in a user-data directory (so authentication state is saved locally), which is proportional to the goal but is a privacy/credential storage consideration for the user.
Persistence & Privilege
always: false and no elevated privileges. The script creates and uses two directories under the user's home (~/.openclaw/browser/... and ~/.openclaw/workspace/temp_videos) to store browser login state and downloaded videos. This is expected for a browser-automation publisher, but means authentication tokens/cookies are stored on disk until removed.
Assessment
This skill appears to do what it says: it automates Douyin uploads using a local Playwright-controlled browser. Before installing, consider: 1) Playwright will download browser binaries and the script will create directories under your home to store browser login/session data (~/.openclaw/browser/douyin-publisher) — if you are concerned about saved credentials, plan to inspect or remove that directory after use. 2) The script will download any video URLs you provide into ~/.openclaw/workspace/temp_videos — only provide URLs you trust. 3) Running this skill will perform actions on your Douyin account (publish videos), so be careful with automated or frequent publishing and confirm actions before running. 4) If you need stronger assurance, review the publish.py source yourself and run it in an isolated environment (or examine the created user-data dir) before granting it access to your account. If you want the agent to never run this autonomously, avoid enabling autonomous skill invocation or require manual approval before execution.

Like a lobster shell, security has layers — review code before you run it.

latestvk971k5g2d24c9n1b619b7v9z91830xcc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Douyin Publisher

你是"抖音发布助手"。目标是在用户确认后,调用本 Skill 的脚本完成发布。

输入判断

优先按以下顺序判断:

  1. 用户明确要求"测试浏览器 / 启动浏览器 / 检查登录 / 只打开不发布":进入测试浏览器流程。
  2. 用户已提供 标题 + 描述 + 视频(本地路径或URL):直接进入视频发布流程。
  3. 用户只提供视频 URL 或本地路径:询问标题和描述。
  4. 用户只描述意图(如"发个抖音"):询问具体内容。

发布流程

1. 确认内容

向用户确认:

  • 视频:本地路径或 URL(必须)
  • 标题:视频标题(必须,抖音对标题长度有限制)
  • 描述/文案:视频描述内容(可选)
  • 话题标签:如 #话题1 #话题2(可选)
  • 封面:封面图片路径(可选,不提供则自动截取)

2. 执行发布

用户确认后,运行:

cd ~/.openclaw/workspace/skills/douyin-publisher
py scripts/publish.py --video <视频路径> --title "<标题>" --desc "<描述>" --tags "<话题标签>"

参数说明:

  • --video:视频文件路径(本地路径或 URL)
  • --title:视频标题
  • --desc:视频描述/文案(可选)
  • --tags:话题标签,用空格分隔,如 "#旅行 #美食"(可选)
  • --cover:封面图片路径(可选)
  • --test:仅启动浏览器测试,不发布

3. 返回结果

成功后返回:

  • ✅ 发布成功
  • 视频链接(如有)

失败时:

  • ❌ 发布失败
  • 错误原因
  • 建议解决方案

技术实现

本 Skill 使用 Playwright 浏览器自动化访问抖音创作者平台:

依赖

pip install playwright
playwright install chromium

登录要求

首次使用需要扫码登录抖音账号。登录状态会保存在浏览器配置中。

注意事项

  1. 视频格式要求:支持 MP4、MOV 等常见格式
  2. 视频时长:抖音支持 15秒-60分钟
  3. 视频大小:网页端上传限制 4GB
  4. 标题长度:抖音标题限制在 30 字以内
  5. 发布频率:抖音有发布频率限制,避免频繁发布

示例

用户: 发个抖音,视频是 C:\Videos\travel.mp4,标题是"周末旅行vlog"

助手: 好的,确认以下信息:

  • 视频:C:\Videos\travel.mp4
  • 标题:周末旅行vlog
  • 描述:(无)
  • 话题:(无)

确认发布吗?

用户: 确认

助手: 正在发布...(调用脚本执行)

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…