tiktok-music-archive-downloader
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external processes using
python3 -m yt_dlpfor video downloads andffmpegfor audio extraction. These calls are implemented using structured argument arrays, which mitigate shell injection risks. - [EXTERNAL_DOWNLOADS]: Media files are downloaded from TikTok URLs specified in a user-provided JSON manifest. The skill uses the established
yt-dlptool for these network operations. - [CREDENTIALS_UNSAFE]: The skill reads and updates session tokens and account metadata in the platform's configuration directory (e.g.,
~/.config/postplus/config.json). This is standard behavior for the vendor's authentication and cloud synchronization features and is localized to the vendor's specific configuration paths.
Audit Metadata