douyin-batch-download
Audited by Socket on Mar 2, 2026
1 alert found:
Security
Based on the provided SKILL.md (documentation only, no script source code), the skill's stated capabilities align with its requirements (Playwright for login, httpx for requests, ffmpeg for compression). The main security concerns are the sensitive nature of browser cookies and Playwright profiles, and the broad filesystem access (downloading and storing media, DB files). These are proportionate to the declared purpose but represent a moderate risk: if the actual scripts mishandle credentials (e.g., upload cookies to third-party endpoints, read unrelated sensitive files, or execute unsanitized shell commands), that would be a severe supply-chain/security issue. To reduce risk, reviewers should inspect the actual Python scripts for any network calls to non-official domains, any instructions that forward credentials, and any use of pipe-to-shell or untrusted downloads, and should ensure Playwright uses a dedicated profile rather than the user's full browser profile.