← Back to Skills Marketplace
70
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install tiktok-live-mon
Description
TikTok Live stream monitoring and recording automation. Uses Playwright for visual detection and network traffic monitoring to capture FLV stream URLs. Suppo...
Usage Guidance
This skill appears to do what it says (detect TikTok live streams and extract FLV URLs), but there are two practical risks to consider before installing or running it:
1) Missing dependency declarations: The registry metadata lists no required binaries, but the SKILL.md and scripts require Node.js (16+), Playwright/Chromium, and optionally streamlink, yt-dlp, python3, and jq. Make sure those tools are present and up-to-date in a controlled environment.
2) Command injection vulnerability: The Node code uses child_process.exec to run the included shell scripts and interpolates username/quality directly into the shell command. If an attacker can control those inputs (or you run with untrusted usernames), they could execute arbitrary shell commands. Mitigations: run the skill only in an isolated container or VM, avoid passing untrusted input, or patch the code to use safer child_process APIs (spawn with argument arrays or properly escape/sanitize inputs).
Other recommendations: review the included scripts yourself, run the tool under a non-privileged account, and consider restricting autonomous invocation until you've validated it in a sandbox. If you need higher assurance, request a version that properly escapes shell arguments and documents all runtime dependencies.
Capability Assessment
Purpose & Capability
Name/description align with included code: Playwright-based detection plus streamlink/yt-dlp fallbacks. However the registry/metadata claims no required binaries while the SKILL.md and scripts clearly require Node.js, Playwright/Chromium, and optionally streamlink, yt-dlp, python3, and jq. That mismatch (missing declared dependencies) is a packaging/information consistency issue.
Instruction Scope
SKILL.md tells the agent to run the included Node scripts, which in turn monitor network traffic and invoke local helper scripts. The code listens to network responses (only TikTok URLs) and writes logs to /tmp. The bigger concern: the Node code uses child_process.exec to call bash with unescaped user-provided values (username, quality) which creates a command-injection risk if those values are attacker-controlled. The shell scripts use eval and perform unescaped string interpolation as well. While these actions are within the scope of extracting streams, the lack of input sanitization is a security issue.
Install Mechanism
No install spec; this is instruction-plus-code only and does not download arbitrary code at install time. That reduces supply-chain risk. The runtime does require Playwright/Chromium and external CLI tools (streamlink, yt-dlp) but nothing in the package fetches remote archives or runs network installers.
Credentials
The skill requests no environment variables or credentials. The code does not attempt to read hidden credentials or unrelated system config. This is proportionate to its stated purpose.
Persistence & Privilege
The skill is not marked always:true and does not try to modify other skills or system-wide agent settings. It runs as invoked and writes only to temporary files for yt-dlp logging; no persistent privileged presence is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tiktok-live-mon - After installation, invoke the skill by name or use
/tiktok-live-mon - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of TikTok Live stream monitoring and recording automation.
- Uses Playwright for visual detection of live status and to extract FLV stream URLs from network traffic.
- Automatically checks if a TikTok user is live and records streams to disk.
- Includes notification system for live/offline status changes.
- Provides CLI scripts to check live status and obtain stream URLs.
Metadata
Frequently Asked Questions
What is TikTok Live Monitor?
TikTok Live stream monitoring and recording automation. Uses Playwright for visual detection and network traffic monitoring to capture FLV stream URLs. Suppo... It is an AI Agent Skill for Claude Code / OpenClaw, with 70 downloads so far.
How do I install TikTok Live Monitor?
Run "/install tiktok-live-mon" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is TikTok Live Monitor free?
Yes, TikTok Live Monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does TikTok Live Monitor support?
TikTok Live Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created TikTok Live Monitor?
It is built and maintained by KikiKari (@kikikari); the current version is v1.0.0.
More Skills