Skill v0.1.4
ClawScan security
Douyin Video Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 8:47 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requested resources are consistent with its stated purpose (grab Douyin page/audio, transcribe, and write Obsidian notes), but it makes environment-specific assumptions (hard-coded user paths, Chrome bridge) and accesses browser cookies for authenticated media downloads — review those before running.
- Guidance
- What to check before installing/running:
  - Paths and environment: the scripts use hard-coded paths (/Users/bobzhong/…, the chrome bridge path, and an iCloud/Obsidian vault). If you're not the original author, update these paths to match your machine to avoid accidental writes or failures.
  - Browser bridge and cookies: the skill uses a Chrome bridge to run JS and reads document.cookie, then includes that cookie in curl requests to download audio. This is necessary to fetch some protected Douyin media but exposes session cookies. Only run it if you trust the chrome bridge script and are comfortable allowing the skill to use the page's cookies. If you don't want to expose your session, run the capture in a logged-out/incognito profile or remove the cookie use.
  - Network activity: transcription via mlx-whisper may download models from Hugging Face or other repositories at runtime. Expect outbound network traffic for model retrieval.
  - Inspect helper scripts locally: the included Python helpers invoke curl and subprocesses; they appear coherent for the stated purpose and don't contain obfuscated endpoints, but review them and the chrome bridge implementation before running on a sensitive machine.
  - Permissions and data: the skill will write notes into your Obsidian vault (local/iCloud path). Make sure you are okay with analyzed content (and any downloaded audio) being stored there.
  - If you want to proceed safely: update the hard-coded paths to configurable values, verify the chrome bridge script, run first on a throwaway account or in an isolated profile, or modify the code to avoid sending cookies if you only need public metadata.
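The checklist above can be run mechanically before installing. The following Python script is added here as an illustration; it is not part of the skill and not ClawScan's scanner. It walks a package's files and flags the indicators the review names: hard-coded home-directory paths, document.cookie reads, curl invoked with a cookie jar or Cookie header, runtime model downloads (mlx-whisper / Hugging Face), fixed /tmp directories and Obsidian vault paths. The check names, the regexes and the four sample files are constructed for the example, and the sample paths use a placeholder user name rather than the author's.

```python
"""Pre-install audit of a skill package for the indicators listed in the
review guidance.  Check names, patterns and sample files are constructed for
this example; they are not ClawScan's ruleset."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    check: str
    severity: str
    match: str


# (check name, severity, pattern).  Patterns are kept narrow so that a path
# built from os.path.expanduser("~") or an environment variable does not trip them.
CHECKS = [
    ("hardcoded-home-path", "medium",
     re.compile(r"/Users/[A-Za-z0-9._-]+/|/home/[A-Za-z0-9._-]+/")),
    ("reads-document-cookie", "high", re.compile(r"document\.cookie")),
    # curl with a cookie jar (-b / --cookie) or an explicit Cookie: header.
    ("curl-with-cookie", "high",
     re.compile(r"\bcurl\b.*?(?:--cookie\b|(?<![\w-])-b(?![\w-])"
                r"|-(?:H\b|-header\b).{0,10}?[Cc]ookie:)")),
    ("runtime-model-download", "low",
     re.compile(r"mlx[_-]whisper|huggingface\.co|hf_hub_download")),
    ("fixed-temp-dir", "low", re.compile(r"/tmp/[A-Za-z0-9._-]+")),
    ("obsidian-vault-path", "medium",
     re.compile(r"/[^\s\"']*?[Oo]bsidian[^\s\"']*")),
]

SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3}


def audit_text(path: str, text: str) -> list[Finding]:
    """Run every check over every line of one file; one Finding per hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, severity, pattern in CHECKS:
            m = pattern.search(line)
            if m:
                findings.append(Finding(path, lineno, name, severity, m.group(0)))
    return findings


def audit_package(files: dict[str, str]) -> list[Finding]:
    """files maps a relative path inside the package to its text content."""
    findings = []
    for path in sorted(files):
        findings.extend(audit_text(path, files[path]))
    return findings


def overall_severity(findings: list[Finding]) -> str:
    return max((f.severity for f in findings),
               key=SEVERITY_RANK.__getitem__, default="none")


def counts_by_check(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.check] = counts.get(f.check, 0) + 1
    return counts


def render_report(findings: list[Finding]) -> str:
    lines = [f"{f.severity:<6} {f.check:<24} {f.path}:{f.line}  {f.match}"
             for f in findings]
    lines.append(f"overall: {overall_severity(findings)} ({len(findings)} findings)")
    return "\n".join(lines)


# Constructed sample package: three helpers in the style the review describes,
# plus one remediated helper that reads its paths from the environment and
# sends no cookie.  'exampleuser' is a placeholder, not a real account.
SAMPLE_FILES = {
    "SKILL.md": (
        "# Douyin Video Analysis\n"
        "Open Chrome, capture media URLs from performance entries,\n"
        "download audio with curl and transcribe with mlx-whisper.\n"
    ),
    "scripts/fetch_audio.py": (
        "import subprocess\n"
        "BRIDGE = '/Users/exampleuser/bin/chrome_bridge.js'\n"
        "OUT_DIR = '/tmp/douyin_transcribe'\n"
        "cookie = bridge_eval('document.cookie')\n"
        "subprocess.run(['curl', '-H', f'Cookie: {cookie}', url,"
        " '-o', OUT_DIR + '/audio.m4a'])\n"
    ),
    "scripts/write_note.py": (
        "VAULT = '/Users/exampleuser/Library/Mobile Documents/"
        "iCloud~md~obsidian/Documents/Vault/Inbox'\n"
        "open(VAULT + '/note.md', 'w').write(body)\n"
    ),
    "scripts/safe_fetch.py": (
        "import os, subprocess\n"
        "OUT_DIR = os.environ.get('DOUYIN_OUT', os.path.expanduser('~/douyin'))\n"
        "subprocess.run(['curl', '-L', url, '-o', os.path.join(OUT_DIR, 'audio.m4a')])\n"
    ),
}

if __name__ == "__main__":
    print(render_report(audit_package(SAMPLE_FILES)))
```

Run as-is it prints one line per finding and an overall severity; to audit a real package, replace SAMPLE_FILES with the file contents read from the skill directory. The remediated helper (safe_fetch.py in the sample) produces no findings: paths come from the environment with a home-relative default, and curl is called without a cookie, which is the shape the guidance asks you to refactor toward if you only need public metadata.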
Review Dimensions
- Purpose & Capability
- note: The skill's name/description (Douyin analysis → fetch metadata/audio, transcribe, analyze, save to Obsidian) matches what the code and SKILL.md do. It legitimately requires a browser bridge and local Whisper transcription to access protected audio and create local notes. However, the implementation hard-codes user-specific paths (/Users/bobzhong/... and the iCloud Obsidian vault path), which reduces portability and indicates the package is tailored to a particular machine rather than being broadly generic.
- Instruction Scope
- note: Runtime instructions explicitly say to open Chrome, inspect performance resources, capture candidate media URLs, and use browser-derived headers/cookies to download audio; the code does exactly that (chrome bridge eval, document.cookie, performance entries). Accessing page metadata and resources and writing transcripts/notes to Obsidian are in scope. The cookie capture and its use in curl are sensitive operations but are declared in SKILL.md.
- Install Mechanism
- ok: There is no install spec (instruction-only), and the repository contains helper scripts executed at runtime. No downloads or third-party archives are fetched by the skill itself. The skill assumes a temporary Python venv where mlx-whisper can be installed; actual venv creation/installation is left to the runtime environment. It relies on an external chrome bridge script (path assumed), which is a subtle external dependency to verify.
- Credentials
- note: The skill requests no declared environment variables or credentials, which matches the registry metadata. It does, however, read document.cookie from the opened page and use that cookie in curl requests to retrieve protected media; this is necessary to access authenticated Douyin media but involves sensitive session tokens. The code also writes to a user-specific Obsidian vault path and expects macOS + Chrome + browser bridge. These accesses are proportionate to the stated goal, but they are privacy-sensitive and environment-specific.
- Persistence & Privilege
- ok: The skill does not request always:true or elevated platform privileges. It writes temporary files under /tmp/douyin_transcribe/ and writes notes into the user's Obsidian Inbox (hard-coded path). Writing to the user's own notes and the temp directory is consistent with the stated behavior and not an inherent privilege escalation.
