← 返回 Skills 市场
kikikari

TikTok Live Monitor

作者 KikiKari · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
70
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install tiktok-live-mon
功能描述
TikTok Live stream monitoring and recording automation. Uses Playwright for visual detection and network traffic monitoring to capture FLV stream URLs. Suppo...
安全使用建议
This skill appears to do what it says (detect TikTok live streams and extract FLV URLs), but there are two practical risks to consider before installing or running it: 1) Missing dependency declarations: The registry metadata lists no required binaries, but the SKILL.md and scripts require Node.js (16+), Playwright/Chromium, and optionally streamlink, yt-dlp, python3, and jq. Make sure those tools are present and up-to-date in a controlled environment. 2) Command injection vulnerability: The Node code uses child_process.exec to run the included shell scripts and interpolates username/quality directly into the shell command. If an attacker can control those inputs (or you run with untrusted usernames), they could execute arbitrary shell commands. Mitigations: run the skill only in an isolated container or VM, avoid passing untrusted input, or patch the code to use safer child_process APIs (spawn with argument arrays or properly escape/sanitize inputs). Other recommendations: review the included scripts yourself, run the tool under a non-privileged account, and consider restricting autonomous invocation until you've validated it in a sandbox. If you need higher assurance, request a version that properly escapes shell arguments and documents all runtime dependencies.
能力评估
Purpose & Capability
Name/description align with included code: Playwright-based detection plus streamlink/yt-dlp fallbacks. However the registry/metadata claims no required binaries while the SKILL.md and scripts clearly require Node.js, Playwright/Chromium, and optionally streamlink, yt-dlp, python3, and jq. That mismatch (missing declared dependencies) is a packaging/information consistency issue.
Instruction Scope
SKILL.md tells the agent to run the included Node scripts, which in turn monitor network traffic and invoke local helper scripts. The code listens to network responses (only TikTok URLs) and writes logs to /tmp. The bigger concern: the Node code uses child_process.exec to call bash with unescaped user-provided values (username, quality) which creates a command-injection risk if those values are attacker-controlled. The shell scripts use eval and perform unescaped string interpolation as well. While these actions are within the scope of extracting streams, the lack of input sanitization is a security issue.
Install Mechanism
No install spec; this is instruction-plus-code only and does not download arbitrary code at install time. That reduces supply-chain risk. The runtime does require Playwright/Chromium and external CLI tools (streamlink, yt-dlp) but nothing in the package fetches remote archives or runs network installers.
Credentials
The skill requests no environment variables or credentials. The code does not attempt to read hidden credentials or unrelated system config. This is proportionate to its stated purpose.
Persistence & Privilege
The skill is not marked always:true and does not try to modify other skills or system-wide agent settings. It runs as invoked and writes only to temporary files for yt-dlp logging; no persistent privileged presence is requested.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install tiktok-live-mon
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /tiktok-live-mon 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of TikTok Live stream monitoring and recording automation. - Uses Playwright for visual detection of live status and to extract FLV stream URLs from network traffic. - Automatically checks if a TikTok user is live and records streams to disk. - Includes notification system for live/offline status changes. - Provides CLI scripts to check live status and obtain stream URLs.
元数据
Slug tiktok-live-mon
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

TikTok Live Monitor 是什么?

TikTok Live stream monitoring and recording automation. Uses Playwright for visual detection and network traffic monitoring to capture FLV stream URLs. Suppo... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 70 次。

如何安装 TikTok Live Monitor?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install tiktok-live-mon」即可一键安装,无需额外配置。

TikTok Live Monitor 是免费的吗?

是的,TikTok Live Monitor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

TikTok Live Monitor 支持哪些平台?

TikTok Live Monitor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 TikTok Live Monitor?

由 KikiKari(@kikikari)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论