← 返回 Skills 市场

Douyin DL

Name: Douyin DL
Author: lskun

作者 shaokunli · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

582

总下载

当前安装

版本数

在 OpenClaw 中安装

/install douyin-dl

功能描述

Download Douyin (抖音) short videos from URLs. Supports direct video links, search page links with modal_id, share links (v.douyin.com), and note links. Uses h...

使用说明 (SKILL.md)

Douyin Video Downloader

Downloads Douyin videos by opening the page in a headless browser, extracting the \x3Cvideo> source URL, and downloading via curl. This bypasses yt-dlp's cookie issues with Douyin's anti-scraping.

Prerequisites

agent-browser (npm i -g agent-browser)
curl

Usage

python3 scripts/douyin_download.py \x3CURL> [--output-dir DIR] [--filename NAME]

Supported URL Formats

https://www.douyin.com/video/\x3Cid> — direct video page
https://www.douyin.com/search/...?modal_id=\x3Cid> — search results with video modal
https://v.douyin.com/\x3Ccode> — share short links
https://www.douyin.com/note/\x3Cid> — note/image posts with video

Examples

# Basic download to ~/Downloads
python3 scripts/douyin_download.py 'https://www.douyin.com/video/7577715519366576522'

# Custom output directory and filename
python3 scripts/douyin_download.py 'https://www.douyin.com/video/7577715519366576522' \
  -o ~/Videos -f my_video

# From search page URL
python3 scripts/douyin_download.py 'https://www.douyin.com/search/关键词?modal_id=7577715519366576522'

How It Works

Normalize URL → extract video ID, construct direct video page URL
Open page in agent-browser (headless Chromium)
Extract \x3Cvideo> element's currentSrc (CDN direct link)
Close browser
Download MP4 via curl with proper Referer header

Notes

No login required — fresh browser session is sufficient
Video title auto-detected from page title for filename
Large videos may take 30-60s to download depending on network
CDN links are temporary (~2h validity); download promptly after extraction

安全使用建议

This skill appears to do what it claims, but the included Python script runs shell commands with shell=True and inserts user-supplied URL and the extracted video URL verbatim into command strings. That creates a real command-injection risk. Before installing or invoking: (1) Inspect or run the script in a restricted/sandboxed environment (VM/container) rather than on a production machine. (2) Ensure agent-browser is installed from a trusted source (npm package integrity). (3) Prefer fixing the script: use subprocess.run with a list of arguments or use shlex.quote when building commands, validate/sanitize the URL and video_src, and avoid shell=True. (4) If you cannot audit or patch the code, avoid running it with untrusted inputs or allow the agent to invoke it autonomously.

功能分析

Type: OpenClaw Skill Name: douyin-dl Version: 1.0.0 The skill contains a critical shell injection vulnerability in `scripts/douyin_download.py` due to the use of `subprocess.run(shell=True)` with unsanitized user input (the URL and output path). While the script's logic and `SKILL.md` instructions align with the stated purpose of downloading videos via a headless browser, the insecure command construction allows for arbitrary code execution if a crafted URL is provided. No clear evidence of intentional malice or data exfiltration was found.

能力评估

✓ Purpose & Capability

Name/description match the code and SKILL.md: it opens Douyin pages with a headless browser, extracts the video src, and downloads via curl. Required tools (agent-browser, curl) are appropriate and declared in SKILL.md.

ℹ Instruction Scope

Instructions and script stay within the stated downloading purpose (open page, extract <video>, download). However the script accepts arbitrary URLs and inserts both the user-supplied URL and the extracted video_src directly into shell commands (subprocess.run(..., shell=True)), creating a command-injection risk if inputs contain malicious characters or if the page provides unexpected values.

✓ Install Mechanism

No install spec (instruction-only plus an included script). The script requires agent-browser and curl, and SKILL.md documents that. Nothing is downloaded from untrusted URLs or installed automatically by the skill.

✓ Credentials

No environment variables, credentials, or config paths are requested. The skill's access needs are minimal and appropriate for its purpose.

✓ Persistence & Privilege

always is false and the skill does not request persistent or system-wide privileges. It does invoke external binaries but does not modify other skills or system configs.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install douyin-dl
安装完成后，直接呼叫该 Skill 的名称或使用 /douyin-dl 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: download Douyin videos via headless browser + curl. Supports video pages, search modals, share links, and note URLs.

元数据

Slug douyin-dl

版本 1.0.0

许可证 MIT-0

累计安装 4

当前安装数 4

历史版本数 1

常见问题

Douyin DL 是什么？

Download Douyin (抖音) short videos from URLs. Supports direct video links, search page links with modal_id, share links (v.douyin.com), and note links. Uses h... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 582 次。

如何安装 Douyin DL？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install douyin-dl」即可一键安装，无需额外配置。

Douyin DL 是免费的吗？

是的，Douyin DL 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Douyin DL 支持哪些平台？

Douyin DL 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Douyin DL？

由 shaokunli（@lskun）开发并维护，当前版本 v1.0.0。