Security Scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
Do not provide TikTok client credentials to this skill yet. Before installing or running anything, ask the author for the missing code (scripts/tiktok_publisher.py and any dependencies) or a public source/homepage you can inspect. Confirm the registry metadata is updated to list required env vars. If you must test now, run in an isolated environment (air-gapped VM or container) and inspect any Python scripts before executing. If you cannot obtain the source, treat the skill as incomplete/untrust...
⚠ Purpose and capability
The SKILL.md describes a full-featured TikTok bulk publisher (OAuth 2.0, auto-editing, recommendations, scheduling). However, no code files are included in the bundle and the registry metadata lists no required env vars while the SKILL.md declares TIKTOK_CLIENT_KEY and TIKTOK_CLIENT_SECRET as required. That mismatch means the claimed capability is not backed by the shipped artifacts.
⚠ Instruction scope
Runtime instructions tell the agent/user to run 'python3 scripts/tiktok_publisher.py --videos ... --config config.json', but no scripts/ directory or Python code are present in the skill. The instructions therefore expect local files that are not included; they do not instruct accessing unrelated system files, but they do grant broad implicit permission to run arbitrary local Python code if present.
✓ Install mechanism
This is an instruction-only skill with no install spec and no downloads. That minimizes installer risk — nothing is written to disk by an installer. Declaring python3 and curl as required binaries is reasonable for the described commands.
⚠ Credential requirements
The SKILL.md's internal metadata declares two required credentials (TIKTOK_CLIENT_KEY and TIKTOK_CLIENT_SECRET), which are appropriate for a TikTok API integration. However, the registry-level metadata reported 'Required env vars: none' and 'Primary credential: none', creating an inconsistency. The skill's documentation asks for sensitive OAuth client secret material but the overall package metadata does not surface that requirement.
✓ Persistence and privileges
The skill is not marked always:true and does not request system-wide config or modify other skills. It permits autonomous invocation by default (platform normal), which combined with the other concerns means the agent could run local scripts if allowed — but there is no evidence of persistent privileged behavior in the package itself.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.2.0 2026/3/20
● Benign
Install command
Official: npx clawhub@latest install tiktok-bulk-publisher
Mirror: npx clawhub@latest install tiktok-bulk-publisher --registry https://cn.longxiaskill.com