douyin-downloader
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate media processing and transcription tasks as described in its documentation. No malicious patterns or security risks were detected in the source code.
- [COMMAND_EXECUTION]: The skill uses the
child_process.spawnmodule to executeffmpegandffprobefor audio extraction and media metadata retrieval. These operations are performed using controlled arguments derived from the video processing pipeline. - [EXTERNAL_DOWNLOADS]: The script fetches video data from official Douyin domains and interacts with the SiliconFlow API (
api.siliconflow.cn) for audio transcription. These network operations are standard for the skill's functionality and target well-known services. - [CREDENTIALS_UNSAFE]: The skill handles sensitive API keys via environment variables (
DOUYIN_API_KEYorAPI_KEY), which is a standard and recommended practice for managing secrets in scripts.
Audit Metadata