← Back to Skills Marketplace
120
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install xiaofei-ziyong-douyin-transcribe
Description
全自动抖音视频下载 + 语音转文字管道。当用户发送抖音链接并要求转写文字、提取字幕、语音转文本时使用。触发词包括"抖音转写"、"抖音文字"、"抖音转文本"、"抖音字幕"、"douyin transcribe"。
Usage Guidance
This skill appears to implement the stated Douyin→audio→local-ASR pipeline, but there are several things to check before installing or running it: 1) The Node script uses a non-standard import path (/tmp/puppeteer_test/node_modules/puppeteer-core) and expects Chrome at /usr/bin/google-chrome; verify these paths or adjust the script to use your system's Node/pupeteer and Chrome. 2) The script navigates to an external parser site (hellotik.app) and intercepts network traffic to find CDN URLs — this is necessary for the task but means the code loads third-party web content during execution. 3) feishu_upload.py references FEISHU_APP_TOKEN and FEISHU_TOKEN (environment variables) in a placeholder; the SKILL metadata does not declare these. If you plan to use Feishu upload, confirm what credentials are actually required and do not expose broad tokens to untrusted code. 4) The skill instructs installing a global npm ASR CLI and downloading a model from GitHub — these network downloads and global installs should be performed in a controlled environment (container or VM) if you are concerned about supply-chain or permission issues. 5) The Node launch uses Chrome flags like --no-sandbox; running headless Chrome without a sandbox has security implications — prefer running in a sandboxed container. If these oddities (hardcoded paths, undeclared env vars, external site dependency) are acceptable and you review the scripts locally before running, the risk is moderate; otherwise treat the skill as untrusted and run it in isolation or decline to install.
Capability Analysis
Type: OpenClaw Skill
Name: xiaofei-ziyong-douyin-transcribe
Version: 1.0.1
The skill bundle contains significant shell injection vulnerabilities in `transcribe.py` and `feishu_upload.py` due to the use of `subprocess.run(shell=True)` with unsanitized inputs (e.g., the `--url` parameter). While the stated purpose of downloading and transcribing Douyin videos appears legitimate, the implementation uses risky patterns like executing multi-line Python strings via shell commands and hardcoding specific Feishu folder/space IDs. The `feishu_upload.py` script is currently a stub that prints 'SKIP' but contains logic structures that could be easily modified for data exfiltration if the application credentials were provided.
Capability Assessment
Purpose & Capability
The name/description (Douyin download + local transcription) matches the code: Node script to obtain a CDN video URL, curl to download, ffmpeg to extract audio, and a local ASR (coli/faster-whisper). However the Node script imports puppeteer-core from a hardcoded /tmp path and launches Chrome at /usr/bin/google-chrome — these hardcoded paths are unusual and not explained in the SKILL.md.
Instruction Scope
SKILL.md instructs installing coli, the sensevoice model, Node/ffmpeg — consistent with purpose — but the code (feishu_upload.py) reads FEISHU_APP_TOKEN and FEISHU_TOKEN from the environment in a subprocess (even though the README doesn't declare these env vars). The Node script navigates to an external parsing site (hellotik.app) and intercepts network requests; that is expected for extracting CDN links but means the skill will load external web content and rely on it. Overall the runtime instructions and code reference environment variables and behaviors not clearly documented.
Install Mechanism
There is no install spec in the registry (instruction-only), which is lower risk, but SKILL.md asks the operator to globally install npm packages and download a ~60MB model from GitHub. The Node script expects puppeteer-core to be available at /tmp/puppeteer_test/node_modules/puppeteer-core and expects a local Chrome binary at /usr/bin/google-chrome; those implicit / non-standard install expectations are fragile and surprising.
Credentials
The registry declares no required env vars, but feishu_upload.py attempts to read FEISHU_APP_TOKEN and FEISHU_TOKEN (via a python -c stub) and the Node script can read DOUYIN_URL from the environment (transcribe.py sets this when invoking). The skill's docs do not declare FEISHU_APP_TOKEN/FEISHU_TOKEN as required; that mismatch could surprise users. Otherwise the skill does not demand broad credentials.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system-wide agent settings. It writes temporary files to the specified output dir only and has an optional cleanup flag.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xiaofei-ziyong-douyin-transcribe - After installation, invoke the skill by name or use
/xiaofei-ziyong-douyin-transcribe - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
修复 SKILL.md 缺少 YAML frontmatter 问题,添加 name 和 description 字段使 OpenClaw 可识别
v1.0.0
首次发布:抖音视频下载+语音转文字管道,支持视频直链拦截、sensevoice本地ASR、飞书上传
Metadata
Frequently Asked Questions
What is Douyin Transcribe?
全自动抖音视频下载 + 语音转文字管道。当用户发送抖音链接并要求转写文字、提取字幕、语音转文本时使用。触发词包括"抖音转写"、"抖音文字"、"抖音转文本"、"抖音字幕"、"douyin transcribe"。 It is an AI Agent Skill for Claude Code / OpenClaw, with 120 downloads so far.
How do I install Douyin Transcribe?
Run "/install xiaofei-ziyong-douyin-transcribe" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Douyin Transcribe free?
Yes, Douyin Transcribe is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Douyin Transcribe support?
Douyin Transcribe is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Douyin Transcribe?
It is built and maintained by mengzi53 (@mengzi53); the current version is v1.0.1.
More Skills