douyin-batch-download

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module to manage its internal workflow. This includes executing its own sub-scripts (e.g., download-v2.py), the f2 command-line utility for downloading, and ffmpeg/ffprobe for media processing and metadata extraction. Analysis of the code shows that these calls use argument lists rather than shell strings, which is a security best practice to prevent command injection.
  • [EXTERNAL_DOWNLOADS]: As a video downloader, the skill connects to Douyin (TikTok) servers to retrieve video files and metadata. It also uses playwright to automate a browser instance for user login via QR code. These operations are consistent with the skill's stated purpose.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication through Douyin cookies. It provides a script (login.py) that captures these cookies via browser automation and saves them to a local configuration file (config/config.yaml). While this involves handling sensitive session tokens, the processing is performed entirely locally on the user's machine, and no evidence of exfiltration to third-party servers was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 09:03 AM