lskun

Douyin DL

by shaokunli · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
582
Downloads
0
Stars
4
Active Installs
1
Versions
Install in OpenClaw
/install douyin-dl
Description
Download Douyin (抖音) short videos from URLs. Supports direct video links, search page links with modal_id, share links (v.douyin.com), and note links. Uses h...
README (SKILL.md)

Douyin Video Downloader

Downloads Douyin videos by opening the page in a headless browser, extracting the <video> source URL, and downloading via curl. This bypasses yt-dlp's cookie issues with Douyin's anti-scraping.

Prerequisites

  • agent-browser (npm i -g agent-browser)
  • curl

Usage

python3 scripts/douyin_download.py <URL> [--output-dir DIR] [--filename NAME]

Supported URL Formats

  • https://www.douyin.com/video/<id> — direct video page
  • https://www.douyin.com/search/...?modal_id=<id> — search results with video modal
  • https://v.douyin.com/<code> — share short links
  • https://www.douyin.com/note/<id> — note/image posts with video

Examples

# Basic download to ~/Downloads
python3 scripts/douyin_download.py 'https://www.douyin.com/video/7577715519366576522'

# Custom output directory and filename
python3 scripts/douyin_download.py 'https://www.douyin.com/video/7577715519366576522' \
  -o ~/Videos -f my_video

# From search page URL
python3 scripts/douyin_download.py 'https://www.douyin.com/search/关键词?modal_id=7577715519366576522'

How It Works

  1. Normalize URL → extract video ID, construct direct video page URL
  2. Open page in agent-browser (headless Chromium)
  3. Extract <video> element's currentSrc (CDN direct link)
  4. Close browser
  5. Download MP4 via curl with proper Referer header

Notes

  • No login required — fresh browser session is sufficient
  • Video title auto-detected from page title for filename
  • Large videos may take 30-60s to download depending on network
  • CDN links are temporary (~2h validity); download promptly after extraction
Usage Guidance
This skill appears to do what it claims, but the included Python script runs shell commands with shell=True and inserts the user-supplied URL and the extracted video URL verbatim into command strings. That creates a real command-injection risk. Before installing or invoking: (1) Inspect or run the script in a restricted/sandboxed environment (VM/container) rather than on a production machine. (2) Ensure agent-browser is installed from a trusted source (npm package integrity). (3) Prefer fixing the script: use subprocess.run with a list of arguments or use shlex.quote when building commands, validate/sanitize the URL and video_src, and avoid shell=True. (4) If you cannot audit or patch the code, avoid running it with untrusted inputs or allowing the agent to invoke it autonomously.
Capability Analysis
Type: OpenClaw Skill
Name: douyin-dl
Version: 1.0.0
The skill contains a critical shell injection vulnerability in `scripts/douyin_download.py` due to the use of `subprocess.run(shell=True)` with unsanitized user input (the URL and output path). While the script's logic and `SKILL.md` instructions align with the stated purpose of downloading videos via a headless browser, the insecure command construction allows for arbitrary code execution if a crafted URL is provided. No clear evidence of intentional malice or data exfiltration was found.
Capability Assessment
Purpose & Capability
Name/description match the code and SKILL.md: it opens Douyin pages with a headless browser, extracts the video src, and downloads via curl. Required tools (agent-browser, curl) are appropriate and declared in SKILL.md.
Instruction Scope
Instructions and script stay within the stated downloading purpose (open page, extract <video>, download). However the script accepts arbitrary URLs and inserts both the user-supplied URL and the extracted video_src directly into shell commands (subprocess.run(..., shell=True)), creating a command-injection risk if inputs contain malicious characters or if the page provides unexpected values.
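The fix recommended in the Usage Guidance and described under Instruction Scope, as an added example (not the skill's own code, which is not shown on this page): validate the input against the four documented URL formats, rebuild the URL from validated parts, and pass curl an argument list instead of a shell string. The helper names, the numeric-ID and share-code patterns, and the curl hardening flags chosen here are assumptions.

```python
import re
import subprocess
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Assumptions (not from the skill's code): IDs are numeric, share codes are URL-safe.
VIDEO_ID = re.compile(r"[0-9]{1,32}")
SHARE_CODE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def normalize_url(url: str) -> str:
    """Rebuild the page URL from validated parts; raise ValueError otherwise."""
    parts = urlsplit(url)
    segs = [s for s in parts.path.split("/") if s]
    if parts.scheme == "https" and parts.hostname == "v.douyin.com":
        if len(segs) == 1 and SHARE_CODE.fullmatch(segs[0]):
            return f"https://v.douyin.com/{segs[0]}"
    elif parts.scheme == "https" and parts.hostname == "www.douyin.com" and segs:
        if segs[0] in ("video", "note") and len(segs) == 2:
            if VIDEO_ID.fullmatch(segs[1]):
                return f"https://www.douyin.com/{segs[0]}/{segs[1]}"
        elif segs[0] == "search":
            vid = parse_qs(parts.query).get("modal_id", [""])[0]
            if VIDEO_ID.fullmatch(vid):
                return f"https://www.douyin.com/video/{vid}"
    raise ValueError(f"unsupported Douyin URL: {url!r}")

def build_curl_argv(video_src: str, out_dir: str, title: str) -> list[str]:
    """Build an argument vector; every value is one argv element, never shell text."""
    src = urlsplit(video_src)
    if src.scheme != "https" or not src.hostname:
        raise ValueError("video source must be an https URL")
    # Page titles are attacker-influenced: keep word characters, drop path parts.
    name = re.sub(r"[^\w.-]+", "_", title).strip("._") or "douyin_video"
    out_path = Path(out_dir).expanduser() / f"{name}.mp4"
    return ["curl", "--fail", "--location", "--proto", "=https",
            "--proto-redir", "=https", "--referer", "https://www.douyin.com/",
            "--output", str(out_path), "--url", video_src]

def download(video_src: str, out_dir: str, title: str) -> None:
    # No shell=True: curl receives the list as-is, so metacharacters in
    # video_src or title are data, not shell syntax.
    subprocess.run(build_curl_argv(video_src, out_dir, title), check=True, timeout=300)
```

Because the returned URL is rebuilt from the validated ID rather than echoed from the input, nothing outside the allow-listed characters reaches the browser or curl invocation.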
Install Mechanism
No install spec (instruction-only plus an included script). The script requires agent-browser and curl, and SKILL.md documents that. Nothing is downloaded from untrusted URLs or installed automatically by the skill.
Credentials
No environment variables, credentials, or config paths are requested. The skill's access needs are minimal and appropriate for its purpose.
Persistence & Privilege
always is false and the skill does not request persistent or system-wide privileges. It does invoke external binaries but does not modify other skills or system configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install douyin-dl
  3. After installation, invoke the skill by name or use /douyin-dl
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: download Douyin videos via headless browser + curl. Supports video pages, search modals, share links, and note URLs.
Metadata
Slug douyin-dl
Version 1.0.0
License MIT-0
All-time Installs 4
Active Installs 4
Total Versions 1
Frequently Asked Questions

What is Douyin DL?

Download Douyin (抖音) short videos from URLs. Supports direct video links, search page links with modal_id, share links (v.douyin.com), and note links. Uses h... It is an AI Agent Skill for Claude Code / OpenClaw, with 582 downloads so far.

How do I install Douyin DL?

Run "/install douyin-dl" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Douyin DL free?

Yes, Douyin DL is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Douyin DL support?

Douyin DL is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Douyin DL?

It is built and maintained by shaokunli (@lskun); the current version is v1.0.0.
