← Back to Skills Marketplace
125
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install tiktok-downloader
Description
Download TikTok videos by URL or hashtag. Handles 403 errors, cookies, and user-agent rotation. Use for downloading TikTok videos, batch downloading from a l...
Usage Guidance
This skill appears to do what it says, but it asks the agent to read your browser cookie directory (a sensitive source of session tokens) and assumes yt-dlp and a Chromium profile exist even though those are not declared. Before installing: 1) Inspect the script yourself (it's short) to confirm no network exfiltration — the included script does not POST to external endpoints. 2) Avoid giving it unrestricted access to your real browser profile; instead create a dedicated browser profile with only TikTok cookies or run in an isolated/VM environment. 3) Ensure yt-dlp is installed from a trusted source if you intend to use the skill. 4) Ask the publisher to declare required binaries and the config path in metadata, or remove hardcoded absolute paths so you can control which cookie store is used.
Capability Analysis
Type: OpenClaw Skill
Name: tiktok-downloader
Version: 1.0.0
The skill is classified as suspicious because it requires access to sensitive browser profile data (`/home/ubuntu/.browser_data_dir`) to extract cookies for bypassing TikTok's anti-bot measures, as documented in `SKILL.md`. While this functionality is aligned with the stated purpose, the `scripts/download_tiktok.sh` script is vulnerable to argument injection because it passes the user-provided URL directly to `yt-dlp` without using the `--` separator, which could allow an attacker to execute arbitrary commands via `yt-dlp` flags (e.g., `--exec`).
Capability Assessment
Purpose & Capability
The skill's stated purpose (download TikTok videos, handle 403s via cookies and UA rotation) aligns with the included script, but the package declares no required binaries or config paths while the SKILL.md and script explicitly require yt-dlp, a browser, and a specific cookie directory (/home/ubuntu/.browser_data_dir). Those are legitimate needs for this purpose but should have been declared; the hardcoded absolute path and lack of declared requirements are inconsistent.
Instruction Scope
Runtime instructions tell the agent to navigate with the browser tool to create/refresh cookies and then to extract cookies from /home/ubuntu/.browser_data_dir. That directs the agent to read local browser data (sensitive), and the instructions give the agent discretion to log in via the browser — both actions go beyond a simple downloader and increase exposure of credentials/session tokens. The instructions also assume presence of yt-dlp and a Chromium browser without declaring them.
Install Mechanism
There is no install spec (instruction-only plus a small shell script). No external downloads or archive extraction are performed by the skill itself. The included script is short and directly calls yt-dlp; no additional packages are pulled by the skill.
Credentials
The skill requests no environment variables, but it requires access to a browser cookie directory (effectively a form of credential access). That access is sensitive and not declared in requires.config or similar metadata. The skill could read other cookies or session tokens in that directory; this level of filesystem credential access should be explicitly declared and minimized.
Persistence & Privilege
The skill is not always-enabled and does not request elevated/persistent privileges. It does not attempt to modify other skills or system-wide configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tiktok-downloader - After installation, invoke the skill by name or use
/tiktok-downloader - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of TikTok Downloader.
- Download TikTok videos by URL or hashtag, with support for batch downloads.
- Handles common anti-bot measures, including 403 errors via browser cookie extraction and user-agent rotation.
- Provides detailed instructions for single and multiple video downloads.
- Offers best practices for navigating login requirements and avoiding rate limits.
Metadata
Frequently Asked Questions
What is tiktok-downloader?
Download TikTok videos by URL or hashtag. Handles 403 errors, cookies, and user-agent rotation. Use for downloading TikTok videos, batch downloading from a l... It is an AI Agent Skill for Claude Code / OpenClaw, with 125 downloads so far.
How do I install tiktok-downloader?
Run "/install tiktok-downloader" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is tiktok-downloader free?
Yes, tiktok-downloader is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does tiktok-downloader support?
tiktok-downloader is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created tiktok-downloader?
It is built and maintained by kgc-yj (@kgc-yj); the current version is v1.0.0.
More Skills