← Back to Skills Marketplace
644
Downloads
1
Stars
9
Active Installs
6
Versions
Install in OpenClaw
/install douyin-video-download
Description
抖音视频批量下载工具。支持单视频、批量下载、自动去重、无水印下载,智能选择最优下载方式(yt-dlp/Playwright)。
README (SKILL.md)
抖音视频下载器 (安全加固版)
强大的抖音视频批量下载工具,支持无水印、1080P 高清下载。
功能特性
- ✅ 安全加固: 使用
child_process.spawn处理外部调用,彻底杜绝命令注入风险。 - ✅ 高清无水印: 自动解析 1080P 直连,移除水印。
- ✅ 稳定下载: 采用多后端自动切换技术(内置解析引擎 + 社区公认工具),确保高成功率。
- ✅ 批量处理: 支持从文本文件读取链接批量下载。
安装
1. 安装依赖
# 进入技能目录
cd ~/.openclaw/workspace/skills/douyin-video-download
# 安装 Node.js 依赖
npm install
# 安装 Playwright Chromium 浏览器二进制文件 (仅需一次)
# 提示: 如果在受限网络环境下,请确保已配置好 npm 镜像
npx playwright install chromium
2. 安装外部工具 (可选但推荐)
- yt-dlp: 提供最佳下载体验和更高的稳定性。
- Linux/macOS:
sudo curl -L https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp -o /usr/local/bin/yt-dlp && sudo chmod a+rx /usr/local/bin/yt-dlp - Windows: 从 yt-dlp releases 下载
.exe并添加到 PATH。
- Linux/macOS:
使用
单视频下载
# 使用分享链接
node scripts/download.js "https://v.douyin.com/xxxxx"
# 使用完整链接
node scripts/download.js "https://www.douyin.com/video/123456"
批量下载
# 从文件读取链接列表
node scripts/download.js --batch links.txt
# links.txt 格式(每行一个链接,支持 # 注释)
https://v.douyin.com/xxxxx
# 这是另一个视频
https://v.douyin.com/yyyyy
高级选项
# 指定输出目录
node scripts/download.js "https://v.douyin.com/xxxxx" --output ./videos
# 指定文件名
node scripts/download.js "https://v.douyin.com/xxxxx" --filename myvideo
# 并发下载数量 (批量模式)
node scripts/download.js --batch links.txt --concurrent 3
供应链与安全性说明
- 浏览器二进制文件: Playwright 会下载 Chromium 浏览器。如果对安全性有极高要求,可以通过环境变量
EXECUTABLE_PATH指定本地已安装的 Chrome 路径(需修改代码支持)。 - npm 镜像: 如果您位于中国大陆,建议使用腾讯云或阿里云镜像以加速安装。
- 隐私: 本工具仅访问抖音公开页面,不涉及用户登录信息。
作者
Leo & Neo (Startup Partners)
Usage Guidance
What to check before installing:
- Verify the source: the skill's Source/Homepage are unknown; prefer code from a trusted repo. Review the included JS files yourself or run in an isolated VM/container.
- npm install will pull dependencies (playwright-chromium among others) and Playwright will download a Chromium binary; expect a large download and network access. If you need to restrict downloads, pre-install browsers and avoid automatic downloads.
- The README suggests installing yt-dlp with a sudo curl into /usr/local/bin. That command runs as root and places a binary on your system — only run it if you trust the binary (prefer package manager installs or inspect the downloaded file first).
- SKILL.md claims '彻底杜绝命令注入' because it uses spawn; that reduces injection risk but is not an absolute guarantee. If you plan to feed untrusted input (e.g., untrusted links file), validate inputs and run in a sandbox.
- Minor inconsistencies to be aware of: registry metadata said no required binaries but package.json lists node and yt-dlp; SKILL.md references EXECUTABLE_PATH but code does not use it. These suggest the packaging/metadata may be out of sync.
Recommendation: treat this as a typical community downloader tool — reasonable but exercise standard caution: inspect the code, avoid running the sudo curl command blindly, and run first in an isolated environment if you have any doubts.
Capability Analysis
Type: OpenClaw Skill
Name: douyin-video-download
Version: 1.1.2
The skill bundle contains highly suspicious dependency versions in `package-lock.json` (e.g., `axios` 1.13.6, `playwright-chromium` 1.58.2, and `undici` 7.24.0) that do not exist on the public npm registry, indicating either AI-generated hallucinations or a potential setup for a dependency confusion attack. While the code in `lib/downloader.js` and `lib/parser.js` appears to follow security best practices by using `child_process.spawn` to prevent command injection and implementing input validation, the invalid lockfile and the version inconsistencies across `_meta.json`, `package.json`, and `SKILL.md` represent significant supply chain risks.
Capability Assessment
Purpose & Capability
Name/description, SKILL.md, and the code all align: the tool parses Douyin links (Playwright) and downloads video streams (curl/yt-dlp). However there's a minor metadata mismatch: the registry metadata listed no required binaries, while package.json's openclaw.requires lists 'node' and 'yt-dlp'. Asking for yt-dlp is reasonable for a downloader but the registry fields are inconsistent.
Instruction Scope
SKILL.md instructions are focused on installation (npm, Playwright) and usage (single / batch downloads). The instructions and code read local files (links.txt) and write downloaded videos to an output dir. They do not request unrelated system files or credentials. One mismatch: SKILL.md mentions an EXECUTABLE_PATH env variable option but code comments say '需修改代码支持' — the env var is not actually implemented.
Install Mechanism
This is instruction-plus-code (no platform install spec). Installation requires npm install (normal) and Playwright will download Chromium (noted in SKILL.md). SKILL.md recommends installing yt-dlp via a sudo curl into /usr/local/bin — the download host is GitHub releases (expected) but the suggested sudo curl command will write a binary as root; that elevates risk if you run it blindly. Overall install mechanism is typical but requires care when running the suggested privileged curl command and when Playwright downloads browser binaries.
Credentials
The skill does not require credentials or secrets. It uses dotenv and supports OUTPUT_DIR via env (used in code). No sensitive environment variables are requested. SKILL.md mentions EXECUTABLE_PATH but code does not read it — minor inconsistency. No unexplained credential access detected.
Persistence & Privilege
always is false, no special persistence or system-wide config changes are requested, and the skill does not try to modify other skills. It runs as a user-level CLI tool.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install douyin-video-download - After installation, invoke the skill by name or use
/douyin-video-download - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.2
🧹 文档精简:移除无意义的核心工具(curl)描述,提升用户体验并对底层实现进行脱敏处理
v1.1.1
🚨 安全更新:修复命令注入漏洞,统一元数据说明,优化内部调用稳定性
v1.1.0
优化无水印解析逻辑,增加 curl 稳定下载后端,支持 1080P 高清下载
v1.0.3
Security: Regenerated package-lock.json with HTTPS registry (npmjs.org) to remove HTTP mirror risks.
v1.0.2
Switch to playwright-chromium; improve error handling; version sync v1.0.2
v1.0.1
- Improved intelligent selection of download methods (yt-dlp/Playwright) for better reliability.
- Enhanced batch download: now supports reading multiple links from a file.
- Added automatic deduplication to avoid repeated downloads.
- Automatic no-watermark video link parsing.
- Added download progress display and automatic retry for failed downloads.
Metadata
Frequently Asked Questions
What is Douyin Video Download?
抖音视频批量下载工具。支持单视频、批量下载、自动去重、无水印下载,智能选择最优下载方式(yt-dlp/Playwright)。 It is an AI Agent Skill for Claude Code / OpenClaw, with 644 downloads so far.
How do I install Douyin Video Download?
Run "/install douyin-video-download" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Douyin Video Download free?
Yes, Douyin Video Download is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Douyin Video Download support?
Douyin Video Download is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Douyin Video Download?
It is built and maintained by xiaofei (@franklu0819-lang); the current version is v1.1.2.
More Skills