tiktok-videos
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads TikTok videos from TikTok's servers and uses the tikwm.com API as a secondary source for watermark-free content. These operations are essential for the skill's stated purpose.
- [EXTERNAL_DOWNLOADS]: The documentation includes a command to install or update the 'yt-dlp' package via the official Python package registry (PyPI), which is standard practice for maintaining media tools.
- [COMMAND_EXECUTION]: The script executes the 'yt-dlp' CLI utility using Python's subprocess module. It correctly uses argument lists rather than shell strings, which prevents command injection vulnerabilities.
- [DATA_EXFILTRATION]: The script communicates with TikTok and tikwm.com to retrieve video metadata and media streams. No sensitive local data or user credentials are accessed or transmitted; network traffic is limited to functional requirements.
Audit Metadata