tiktok-music-archive-downloader

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external processes using python3 -m yt_dlp for video downloads and ffmpeg for audio extraction. These calls are implemented using structured argument arrays, which mitigate shell injection risks.
  • [EXTERNAL_DOWNLOADS]: Media files are downloaded from TikTok URLs specified in a user-provided JSON manifest. The skill uses the established yt-dlp tool for these network operations.
  • [CREDENTIALS_UNSAFE]: The skill reads and updates session tokens and account metadata in the platform's configuration directory (e.g., ~/.config/postplus/config.json). This is standard behavior for the vendor's authentication and cloud synchronization features and is localized to the vendor's specific configuration paths.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 04:51 PM
Security Audit — agent-trust-hub — tiktok-music-archive-downloader