← Back to Skills Marketplace
97
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install recall-tao
Description
抖音自动回复技能。通过浏览器自动化连接抖音创作者中心,监控评论,智能分析后自动生成积极、大方、热情、合法的回复。支持关键词匹配、敏感词过滤、评论分类、多账号管理。触发场景:用户提到"抖音自动回复"、"抖音评论回复"、"抖音客服"、"抖音智能回复"、"抖音机器人"等关键词,或明确要求在抖音平台进行自动回复操作。
Usage Guidance
This skill appears to implement the Douyin auto-reply functionality it claims, but there are practical and security concerns you should address before using it with real accounts:
- Dependency & install: The package contains Node scripts that require Playwright and a Chromium browser, but the registry metadata gives no install instructions. Do not run this on your main machine until you have (a) reviewed the code, (b) installed dependencies in an isolated environment, and (c) verified what will be executed.
- Sensitive local state: The skill saves browser storageState/auth-state.json and other config files locally. Those files contain session tokens/cookies that grant access to your Douyin accounts. Treat them like credentials: store them only on systems you control, and remove them if you uninstall.
- Test on disposable accounts: Before pointing it at production creator accounts, run it against a test account so you can confirm behavior (reply wording, deletion rules, rate limits, sensitive-word handling).
- Review automation rules and outputs: The scripts can auto-reply, skip, delete, or mark comments. Check keyword rules, sensitive_words.json, and rate_limit_config.json to ensure they match your policy and avoid accidental mass replies or policy-violating replies.
- AI provider keys: If you plan to enable AI-generated replies via an external provider, supply API keys only after confirming where and how they will be used and stored (the skill doesn't declare required env vars for API keys).
- Least privilege & isolation: Run the skill in an isolated environment (VM/container) if possible and limit its file-system access. Keep backups of any session files you want to keep, and rotate/revoke sessions if you stop using the skill.
- Code audit: Because the bundle contains executable scripts, review the remaining (omitted) source files for any network calls to unexpected endpoints or explicit exfiltration logic before trusting this skill with real accounts.
If you want, I can: (1) search the remaining files for network endpoints/HTTP requests and surface any outbound endpoints, (2) list exact dependency calls (require/import) across all files, or (3) produce a checklist of things to change in config before enabling auto-reply.
Capability Analysis
Type: OpenClaw Skill
Name: recall-tao
Version: 1.0.1
The 'recall-tao' skill bundle is a legitimate and well-structured automation tool for managing Douyin (TikTok China) creator accounts. It utilizes Playwright for browser automation, implementing features like comment monitoring, keyword-based filtering, and AI-integrated replies (supporting DeepSeek, OpenAI, and Claude). The scripts (e.g., browser_manager.js, rate_limiter.js, and persistence_manager.js) are modular and focused on operational stability, rate limiting, and session persistence. No evidence of data exfiltration, malicious prompt injection, or unauthorized remote execution was found; all high-risk browser and file system operations are consistent with the stated purpose of the tool.
Capability Assessment
Purpose & Capability
The name/description (自动回复抖音评论 via browser automation) aligns with the included code: browser manager, comment-checking/evaluation scripts, batch monitor, reply sender, intent helpers and config files. The code implements monitoring, keyword rules, sensitive-word filtering, rate limiting and multi-account handling as claimed.
Instruction Scope
SKILL.md and the scripts instruct the agent to open creator.douyin.com, extract full DOM fragments (some debug outputs include element.outerHTML), analyze comments, and perform automated replies/deletes/marking. That behavior is within the stated purpose, but the scripts collect full DOM snippets and persist state for sessions/comments — which can capture more data than strictly necessary (e.g., surrounding DOM or metadata). The instructions do not request unrelated system files or credentials, but they implicitly require user account logins and will act on those accounts.
Install Mechanism
Registry metadata claims 'No install spec / instruction-only', yet the bundle contains many Node scripts that require runtime dependencies (notably Playwright). browser_manager explicitly requires 'playwright' and will throw if missing. No install steps, dependency list, or prebuilt binaries are declared — this mismatch is risky: the skill will either fail, or require manual installation of Node and Playwright (and browsers). There is no controlled, signed install or known release host referenced.
Credentials
The skill declares no required environment variables, which matches the manifest, but it persists authentication state and logs to disk (userDataDir derived from process.env.LOCALAPPDATA or TEMP) and uses local config files to store account metadata. AI provider configuration fields exist (apiKey fields) but are not enforced; if you wire an external AI provider you will need to provide keys. The skill will have access to any Douyin sessions you log into it and to the session storage files — this is expected for the feature but is sensitive and not explicitly called out in metadata.
Persistence & Privilege
always:false (normal). The skill persistently stores login state (auth-state.json) and other state/config under its data/config directories and a userDataDir for the browser profile. Persisting sessions is necessary for avoiding repeated logins, but it means the skill holds long-lived credentials (browser cookies/localStorage) on disk. The skill can be invoked autonomously (disable-model-invocation:false) which is platform default; combined with persistent sessions this increases potential impact if you later trust the skill to act without close supervision.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install recall-tao - After installation, invoke the skill by name or use
/recall-tao - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Version 1.0.1
- Initial release of "recall-tao" skill.
- Added 28 files including configuration, data storage, monitoring scripts, error handling, logging, rate limiter, scheduling, and browser automation scripts.
- Supports monitoring Douyin Creator Center comments and auto-generating compliant replies.
- Includes keyword rules, sensitive word filtering, rate limiting, multi-video monitoring, and robust error handling.
v1.0.0
Initial release of the douyin-auto-reply skill:
- Enables browser-based automation for monitoring and replying to Douyin creator center comments.
- Supports simultaneous multi-video comment monitoring, intelligent comment understanding, and positive, compliant auto-replies.
- Ensures reply correctness by interacting with nested input boxes (not general top input), following Douyin reply principles.
- Handles authentication, error management, and persistent state tracking for processed comments.
- Includes scripts for comment checking and reply sending, with proper usage guidelines.
Metadata
Frequently Asked Questions
What is 桃噗噗回复助手?
抖音自动回复技能。通过浏览器自动化连接抖音创作者中心,监控评论,智能分析后自动生成积极、大方、热情、合法的回复。支持关键词匹配、敏感词过滤、评论分类、多账号管理。触发场景:用户提到"抖音自动回复"、"抖音评论回复"、"抖音客服"、"抖音智能回复"、"抖音机器人"等关键词,或明确要求在抖音平台进行自动回复操作。 It is an AI Agent Skill for Claude Code / OpenClaw, with 97 downloads so far.
How do I install 桃噗噗回复助手?
Run "/install recall-tao" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 桃噗噗回复助手 free?
Yes, 桃噗噗回复助手 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 桃噗噗回复助手 support?
桃噗噗回复助手 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 桃噗噗回复助手?
It is built and maintained by hexiuqian (@hexiuqian); the current version is v1.0.1.
More Skills