This TikTok data skill is broadly documented, but it mixes a claimed read-only scope with sensitive session-cookie, signing, device-registration, and at least one write-capable endpoint.
Review before installing. Use only a separate MaxHub API key and test TikTok accounts, avoid providing real browser session cookies or login-related inputs, and do not allow agents to invoke write, cookie, device-registration, or signing endpoints automatically. Public read-only lookups are the lowest-risk use case; creator/account analytics and crypto/tool endpoints require careful consent and handling.