← 返回 Skills 市场

Douyin Video Download

Name: Douyin Video Download
Author: franklu0819-lang

作者 xiaofei · GitHub ↗ · v1.1.2 · MIT-0

cross-platform ⚠ suspicious

644

总下载

当前安装

版本数

在 OpenClaw 中安装

/install douyin-video-download

功能描述

抖音视频批量下载工具。支持单视频、批量下载、自动去重、无水印下载，智能选择最优下载方式（yt-dlp/Playwright）。

使用说明 (SKILL.md)

抖音视频下载器 (安全加固版)

强大的抖音视频批量下载工具，支持无水印、1080P 高清下载。

功能特性

✅ 安全加固: 使用 child_process.spawn 处理外部调用，彻底杜绝命令注入风险。
✅ 高清无水印: 自动解析 1080P 直连，移除水印。
✅ 稳定下载: 采用多后端自动切换技术（内置解析引擎 + 社区公认工具），确保高成功率。
✅ 批量处理: 支持从文本文件读取链接批量下载。

安装

1. 安装依赖

# 进入技能目录
cd ~/.openclaw/workspace/skills/douyin-video-download

# 安装 Node.js 依赖
npm install

# 安装 Playwright Chromium 浏览器二进制文件 (仅需一次)
# 提示: 如果在受限网络环境下，请确保已配置好 npm 镜像
npx playwright install chromium

2. 安装外部工具 (可选但推荐)

yt-dlp: 提供最佳下载体验和更高的稳定性。
- Linux/macOS: sudo curl -L https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp -o /usr/local/bin/yt-dlp && sudo chmod a+rx /usr/local/bin/yt-dlp
- Windows: 从 yt-dlp releases 下载 .exe 并添加到 PATH。

使用

单视频下载

# 使用分享链接
node scripts/download.js "https://v.douyin.com/xxxxx"

# 使用完整链接
node scripts/download.js "https://www.douyin.com/video/123456"

批量下载

# 从文件读取链接列表
node scripts/download.js --batch links.txt

# links.txt 格式（每行一个链接，支持 # 注释）
https://v.douyin.com/xxxxx
# 这是另一个视频
https://v.douyin.com/yyyyy

高级选项

# 指定输出目录
node scripts/download.js "https://v.douyin.com/xxxxx" --output ./videos

# 指定文件名
node scripts/download.js "https://v.douyin.com/xxxxx" --filename myvideo

# 并发下载数量 (批量模式)
node scripts/download.js --batch links.txt --concurrent 3

供应链与安全性说明

浏览器二进制文件: Playwright 会下载 Chromium 浏览器。如果对安全性有极高要求，可以通过环境变量 EXECUTABLE_PATH 指定本地已安装的 Chrome 路径（需修改代码支持）。
npm 镜像: 如果您位于中国大陆，建议使用腾讯云或阿里云镜像以加速安装。
隐私: 本工具仅访问抖音公开页面，不涉及用户登录信息。

作者

Leo & Neo (Startup Partners)

安全使用建议

What to check before installing: - Verify the source: the skill's Source/Homepage are unknown; prefer code from a trusted repo. Review the included JS files yourself or run in an isolated VM/container. - npm install will pull dependencies (playwright-chromium among others) and Playwright will download a Chromium binary; expect a large download and network access. If you need to restrict downloads, pre-install browsers and avoid automatic downloads. - The README suggests installing yt-dlp with a sudo curl into /usr/local/bin. That command runs as root and places a binary on your system — only run it if you trust the binary (prefer package manager installs or inspect the downloaded file first). - SKILL.md claims '彻底杜绝命令注入' because it uses spawn; that reduces injection risk but is not an absolute guarantee. If you plan to feed untrusted input (e.g., untrusted links file), validate inputs and run in a sandbox. - Minor inconsistencies to be aware of: registry metadata said no required binaries but package.json lists node and yt-dlp; SKILL.md references EXECUTABLE_PATH but code does not use it. These suggest the packaging/metadata may be out of sync. Recommendation: treat this as a typical community downloader tool — reasonable but exercise standard caution: inspect the code, avoid running the sudo curl command blindly, and run first in an isolated environment if you have any doubts.

功能分析

Type: OpenClaw Skill Name: douyin-video-download Version: 1.1.2 The skill bundle contains highly suspicious dependency versions in `package-lock.json` (e.g., `axios` 1.13.6, `playwright-chromium` 1.58.2, and `undici` 7.24.0) that do not exist on the public npm registry, indicating either AI-generated hallucinations or a potential setup for a dependency confusion attack. While the code in `lib/downloader.js` and `lib/parser.js` appears to follow security best practices by using `child_process.spawn` to prevent command injection and implementing input validation, the invalid lockfile and the version inconsistencies across `_meta.json`, `package.json`, and `SKILL.md` represent significant supply chain risks.

能力评估

ℹ Purpose & Capability

Name/description, SKILL.md, and the code all align: the tool parses Douyin links (Playwright) and downloads video streams (curl/yt-dlp). However there's a minor metadata mismatch: the registry metadata listed no required binaries, while package.json's openclaw.requires lists 'node' and 'yt-dlp'. Asking for yt-dlp is reasonable for a downloader but the registry fields are inconsistent.

ℹ Instruction Scope

SKILL.md instructions are focused on installation (npm, Playwright) and usage (single / batch downloads). The instructions and code read local files (links.txt) and write downloaded videos to an output dir. They do not request unrelated system files or credentials. One mismatch: SKILL.md mentions an EXECUTABLE_PATH env variable option but code comments say '需修改代码支持' — the env var is not actually implemented.

ℹ Install Mechanism

This is instruction-plus-code (no platform install spec). Installation requires npm install (normal) and Playwright will download Chromium (noted in SKILL.md). SKILL.md recommends installing yt-dlp via a sudo curl into /usr/local/bin — the download host is GitHub releases (expected) but the suggested sudo curl command will write a binary as root; that elevates risk if you run it blindly. Overall install mechanism is typical but requires care when running the suggested privileged curl command and when Playwright downloads browser binaries.

ℹ Credentials

The skill does not require credentials or secrets. It uses dotenv and supports OUTPUT_DIR via env (used in code). No sensitive environment variables are requested. SKILL.md mentions EXECUTABLE_PATH but code does not read it — minor inconsistency. No unexplained credential access detected.

✓ Persistence & Privilege

always is false, no special persistence or system-wide config changes are requested, and the skill does not try to modify other skills. It runs as a user-level CLI tool.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install douyin-video-download
安装完成后，直接呼叫该 Skill 的名称或使用 /douyin-video-download 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.2

🧹 文档精简：移除无意义的核心工具（curl）描述，提升用户体验并对底层实现进行脱敏处理

v1.1.1

🚨 安全更新：修复命令注入漏洞，统一元数据说明，优化内部调用稳定性

v1.1.0

优化无水印解析逻辑，增加 curl 稳定下载后端，支持 1080P 高清下载

v1.0.3

Security: Regenerated package-lock.json with HTTPS registry (npmjs.org) to remove HTTP mirror risks.

v1.0.2

Switch to playwright-chromium; improve error handling; version sync v1.0.2

v1.0.1

- Improved intelligent selection of download methods (yt-dlp/Playwright) for better reliability. - Enhanced batch download: now supports reading multiple links from a file. - Added automatic deduplication to avoid repeated downloads. - Automatic no-watermark video link parsing. - Added download progress display and automatic retry for failed downloads.

元数据

Slug douyin-video-download

版本 1.1.2

许可证 MIT-0

累计安装 9

当前安装数 9

历史版本数 6

常见问题