douyin-to-text
Advisory
Audited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may download or run code from the dytext-cli npm package, so behavior ultimately depends on that external package.
The skill delegates execution to an external npm package through npx; this is central to the skill's purpose, but the package code is not included in the provided artifacts.
exec npx dytext-cli "$@"
Use only if you trust the dytext-cli npm package and its publisher; consider pinning or reviewing the package source before use.
Someone with access to the saved API key could potentially use the dytext account or consume its credits.
The skill stores a service API key locally, which is expected for this service but is still a credential that can affect account balance/history if exposed.
The API key is automatically saved to `~/.dycaption`; no manual configuration is required.
Treat the dytext API key as a secret, protect the ~/.dycaption file, and revoke or rotate the key if you no longer trust the environment.
Douyin links and account-related API information are shared with a third-party service during use.
The skill explicitly discloses that Douyin share links and the API key are sent to the dytext.cn backend for transcription.
Sends the Douyin share link and API key to the server for speech-to-text processing.
Only submit links you are comfortable sending to dytext.cn, and review the provider's privacy/security practices if the content is sensitive.
