← 返回 Skills 市场

Tiktok Auto Reply

Name: Tiktok Auto Reply
Author: kamiguyi

作者 kamiguyi · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

222

总下载

当前安装

版本数

在 OpenClaw 中安装

/install dagugu-tiktok-auto-reply

功能描述

自动监控指定关键词的TikTok热门视频评论并定时发送配置的自动回复，支持频率限制和多模板切换。

使用说明 (SKILL.md)

TikTok 自动回复技能

⚠️ 风险提示：使用此技能可能导致账号被 TikTok 限制或封禁。请谨慎使用，后果自负。

功能

监控指定关键词的热门视频
自动获取视频评论
根据配置自动回复评论

前置条件

TikTok 企业开发者账号
TikTok API 访问令牌
Node.js 环境

安装

cd ~/.openclaw/workspace/skills/tiktok-auto-reply
npm install

配置

复制配置模板：

cp config.example.json config.json

编辑 config.json：

{
  "tiktok": {
    "accessToken": "YOUR_ACCESS_TOKEN",
    "clientKey": "YOUR_CLIENT_KEY",
    "clientSecret": "YOUR_CLIENT_SECRET"
  },
  "keywords": ["热门关键词1", "关键词2"],
  "replyTemplates": [
    "视频太棒了！🔥",
    "学到了！感谢分享 👍",
    "有意思～"
  ],
  "checkIntervalMinutes": 30,
  "maxRepliesPerHour": 10
}

使用

# 手动运行一次
node index.js

# 或作为定时任务
node watch.js

注意事项

不要设置过高的回复频率
避免完全相同的回复内容
定期更换回复模板
监控账号状态

API 文档

TikTok for Developers

免责声明：本技能仅供学习研究使用。使用本技能产生的任何后果由使用者自行承担。

安全使用建议

This skill appears to be a simple TikTok auto-reply tool but has several warning signs: (1) it expects TikTok API credentials but those are stored in a local config.json (plaintext) rather than declared as secure env vars — avoid committing that file and keep credentials out of shared/workspace repos; (2) index.js currently contains placeholder/mock API methods (no real HTTP calls), so the published package may be incomplete or a template — review/replace the API calls before giving it real credentials; (3) documentation/script mismatches (references to watch.js) indicate sloppy maintenance — verify the correct run command (npm run watch or node index.js watch); (4) installing runs npm install which will fetch node-fetch from the public registry — inspect package.json and the installed node_modules before running; (5) automated posting can violate TikTok terms and risk account suspension — test in dryRun mode and use a throwaway/test account first. Recommended next steps: review index.js for any real network endpoints, confirm where/when credentials are used, move secrets to a secure location (env vars or a secrets manager), run in an isolated environment, and verify the upstream repository before trusting it.

功能分析

Type: OpenClaw Skill Name: tiktok-auto-reply Version: 1.0.0 The skill is a legitimate automation tool template for TikTok auto-replying, containing clear risk warnings regarding account bans and terms of service. The code in index.js is a functional skeleton that manages rate limiting and template selection without any signs of data exfiltration, obfuscation, or malicious execution; all sensitive API credentials are kept in a local config.json file as per standard practices.

能力评估

ℹ Purpose & Capability

The name/description match the code: it monitors keywords and replies to comments using TikTok API credentials placed in config.json. However, the registry metadata declares no required credentials while the SKILL.md and config.example.json require accessToken/clientKey/clientSecret — a mismatch. Also, the TikTok client methods in index.js are placeholders that return mock results rather than performing real HTTP calls, while node-fetch is declared as a dependency but not actually used.

ℹ Instruction Scope

Runtime instructions are limited to copying/editing config.json and running the script (check/watch). They do not request unrelated system files or hidden network endpoints. Inconsistencies: SKILL.md and README reference running watch.js in one place though no watch.js exists (the script is invoked as node index.js watch or npm run watch). The instructions do instruct storing API credentials in a local JSON file (plaintext), which increases risk if the workspace is shared.

✓ Install Mechanism

There is no formal install spec in registry (instruction-only), but SKILL.md/README instruct npm install and package.json lists node-fetch. Installing via npm is expected for a Node.js skill; the dependency is from the public npm registry (traceable). No high-risk external binaries or downloads are used.

⚠ Credentials

The skill legitimately needs TikTok API credentials, but the registry metadata does not declare required credentials or a primaryEnv. Instead, users are instructed to put secrets into config.json — storing sensitive tokens in a plaintext file in the skill directory is potentially unsafe. The number of secrets (accessToken, clientKey, clientSecret) is reasonable for the claimed purpose, but the storage mechanism and lack of explicit registry declaration are disproportionate/misleading.

✓ Persistence & Privilege

The skill does not request always:true and does not modify system or other skills' configs. It runs as a normal user-space Node.js program and does not persist additional privileges beyond its workspace files.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install dagugu-tiktok-auto-reply
安装完成后，直接呼叫该 Skill 的名称或使用 /dagugu-tiktok-auto-reply 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of the TikTok 自动回复 skill. - Monitors trending TikTok videos by keywords and fetches comments. - Automatically replies to comments based on configurable templates. - Includes setup instructions, risk notices, and best practice guidelines. - Requires TikTok developer account, API access, and Node.js environment.

元数据

Slug dagugu-tiktok-auto-reply

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题