Douyin Downloader (Node.js)

Pass

Audited by ClawScan on May 10, 2026.

Overview

This skill appears purpose-aligned for downloading Douyin videos and optionally transcribing audio, but users should note that it runs local media tools and can send audio plus an API key to SiliconFlow.

This skill is reasonable for its stated purpose. Before using it, make sure ffmpeg is trusted, use a dedicated DOUYIN_API_KEY if you need transcription, and only transcribe videos whose audio you are willing to upload to SiliconFlow. The provided source view was truncated near the end, so this assessment is based on the visible artifacts.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill will execute local media-processing binaries on downloaded media files.

Why it was flagged

The skill runs the local ffmpeg binary to extract audio from a downloaded video. This is expected for the stated transcription feature, but it is still local process execution.

Skill content

const proc = spawn(ffmpegPath, args);

Recommendation

Install ffmpeg from a trusted source and run the skill only on videos you intend to process.

What this means

If you use the transcription feature, a local environment API key is used to authenticate with SiliconFlow.

Why it was flagged

The skill reads an API key from environment variables and sends it as a Bearer token to the transcription provider. This is disclosed and purpose-aligned, though the generic API_KEY fallback is broader than ideal.

Skill content

apiKey = process.env.DOUYIN_API_KEY || process.env.API_KEY; ... 'Authorization': `Bearer ${apiKey}`

Recommendation

Prefer setting a dedicated DOUYIN_API_KEY for this skill rather than relying on a generic API_KEY environment variable.

What this means

Audio from the downloaded video may be uploaded to SiliconFlow for transcription.

Why it was flagged

For transcription, the skill reads the extracted audio file and posts it to the SiliconFlow transcription API. This external provider flow is disclosed by the skill description.

Skill content

const DEFAULT_API_BASE_URL = 'https://api.siliconflow.cn/v1/audio/transcriptions'; ... const audioBuffer = fs.readFileSync(audioPath);

Recommendation

Use the transcription command only for videos whose audio you are comfortable sending to that provider.