dy-caption

Advisory

Audited by VirusTotal on Apr 23, 2026.

Overview

Type: OpenClaw Skill
Name: dy-caption
Version: 1.0.0

The skill is a legitimate wrapper for the dy-caption service (api.dycaption.cn), designed to transcribe Douyin video audio to text. It uses standard curl commands to interact with documented API endpoints for transcription, credit checks, and history retrieval, and it transparently requires a user-provided API key (DY_CAPTION_API_KEY) as described in SKILL.md and README.md.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone with the API key may be able to use the dy-caption account and view related account information such as credits or transcription history.

Why it was flagged

The skill requires a service API key and uses it to authenticate account-level actions, including balance and history queries.

Skill content

export DY_CAPTION_API_KEY="你的 API Key" ... -H "X-API-Key: $DY_CAPTION_API_KEY" ... /api/v1/credits ... /api/v1/history

Recommendation

Use a dedicated dy-caption API key if available, avoid sharing it, verify the service domain, and revoke or rotate the key if it is exposed.

What this means

The Douyin link/share text and API key leave the local environment and are processed by api.dycaption.cn.

Why it was flagged

The artifact clearly discloses that user-provided Douyin share content and the API key are sent to the external dy-caption service.

Skill content

This skill sends the Douyin share link / share text and the API Key to the dy-caption service; please confirm that you trust the service before using it.

Recommendation

Only use the skill with links or share text you are comfortable sending to that service, and review the provider’s trustworthiness and privacy practices.

What this means

If installing manually from a repository, the user must rely on their own verification of that repository’s authenticity.

Why it was flagged

The registry metadata does not provide an official source or install specification, even though the README includes manual GitHub clone instructions.

Skill content

Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.

Recommendation

Prefer installing from a verified source, confirm the repository owner and contents before cloning, and re-check any future code added to the skill.