← Back to Skills Marketplace
1107
Downloads
1
Stars
11
Active Installs
1
Versions
Install in OpenClaw
/install save-douyin-video-to-feishu-drive
Description
从抖音分享链接或视频页 URL 解析出可下载的视频直链、标题与描述,并可下载到本地或上传到飞书云盘。适用于需要解析抖音 URL(短链、/video/、/note/、modal_id 等)并获取真实播放地址或下载视频时使用。
Usage Guidance
This skill appears to implement the described functionality, but review before use: 1) Required tooling is understated — you need Node 18+ to run the script, and SKILL.md examples assume curl and python3; ensure these are present. 2) Do NOT store app_id/app_secret or access tokens in plaintext TOOLS.md or shared files; prefer ephemeral tokens or secure secret storage (environment variables or a secrets manager). 3) The README suggests a readonly Feishu permission (drive.metadata:readonly) which contradicts the script's upload behavior — confirm required Feishu scopes (upload needs write permissions). 4) Run the script in a sandboxed environment (or with limited privileges) the first few times and inspect network calls if possible. 5) If you need higher confidence, ask the publisher for: a homepage/source repo, explanation of Feishu scopes required, and a statement that secrets will not be logged or stored insecurely. If you proceed, avoid embedding long-lived credentials in plain files.
Capability Analysis
Type: OpenClaw Skill
Name: save-douyin-video-to-feishu-drive
Version: 1.0.0
The skill bundle's primary purpose is to parse Douyin video URLs, download videos, and upload them to Feishu Drive, which is a benign function. However, the `scripts/parse-douyin-video.js` file contains an arbitrary file write vulnerability. The `outputPath` argument, which can be controlled by user input or the agent, is directly used in `createWriteStream()` without sanitization. This could allow an attacker to overwrite arbitrary files on the system (e.g., `/etc/passwd` or `/root/.bashrc`) if a malicious path is provided. While there is no clear evidence of intentional data exfiltration, backdoors, or other malicious intent, this critical vulnerability makes the skill suspicious.
Capability Assessment
Purpose & Capability
Name/description match the included script: it parses Douyin URLs, downloads video, and can upload to Feishu Drive. However, the package metadata claims no required binaries while SKILL.md and the script clearly require at least Node (Node 18+), and SKILL.md examples also use curl and python3. The absence of these requirements in metadata is an inconsistency.
Instruction Scope
SKILL.md instructs network operations (fetching Douyin and Feishu APIs), downloading files to temp directories, and uploading to Feishu — all consistent with purpose. Concerning items: SKILL.md suggests saving app_id/app_secret and folder_token into TOOLS.md (plaintext storage), and provides a curl|python snippet that assumes curl and python3 are available. The guidance to save secrets in a shared preferences file expands scope and increases risk.
Install Mechanism
No install spec — the skill is instruction + a single JavaScript script. Nothing is downloaded from external arbitrary URLs at install time. Risk is primarily runtime (script execution) rather than installer behavior.
Credentials
The skill requires Feishu credentials to upload (app_id/app_secret or tenant token and folder token). That is proportional to upload functionality, but SKILL.md recommends storing these secrets in TOOLS.md (plaintext) which is insecure. Also SKILL.md recommends giving the robot 'drive:drive.metadata:readonly' permission even though the script performs uploads (write operations) — this permission guidance appears incorrect or inconsistent with required capabilities.
Persistence & Privilege
always:false and no automatic autonomous persistence are appropriate. The only persistence the skill requests is that the user save preferences into TOOLS.md; this is user-directed, but the guidance to store secrets there is risky. The skill does not request system-wide config changes or other skills' credentials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install save-douyin-video-to-feishu-drive - After installation, invoke the skill by name or use
/save-douyin-video-to-feishu-drive - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
转发抖音分享链接,转存视频到飞书云盘。
Metadata
Frequently Asked Questions
What is Save Douyin Video To Feishu Drive?
从抖音分享链接或视频页 URL 解析出可下载的视频直链、标题与描述,并可下载到本地或上传到飞书云盘。适用于需要解析抖音 URL(短链、/video/、/note/、modal_id 等)并获取真实播放地址或下载视频时使用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 1107 downloads so far.
How do I install Save Douyin Video To Feishu Drive?
Run "/install save-douyin-video-to-feishu-drive" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Save Douyin Video To Feishu Drive free?
Yes, Save Douyin Video To Feishu Drive is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Save Douyin Video To Feishu Drive support?
Save Douyin Video To Feishu Drive is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Save Douyin Video To Feishu Drive?
It is built and maintained by kuaner (@kuaner); the current version is v1.0.0.
More Skills