tiktok-collection-scraper

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

No direct evidence in the provided materials of code that is actively malicious (no hardcoded exfiltration endpoints, no obfuscated payloads in the docs). The primary security concern is the requirement to supply a raw browser cookie to access private collections — a high-privilege credential. Because the implementation was not included, there remains uncertainty about cookie handling and potential exfiltration. Before trusting this package with sensitive cookies, review the actual script to confirm cookies are only sent to TikTok domains, not logged or persisted, and that no telemetry or third-party network calls exist.

LLM verification: The documented skill performs TikTok collection scraping and requires network access and optionally a raw browser cookie to access private data. The principal security concerns are sensitive cookie handling and an unpinned PyPI dependency. There are no direct indicators of malware in the documentation, but lack of source code prevents ruling out exfiltration or logging of credentials. Before using or deploying this package: (1) inspect the actual scripts for any outbound requests to non-TikTok d

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 02:59 AM
Package URL: pkg:socket/skills-sh/yulin7645%2Ftiktok-skills%2Ftiktok-collection-scraper%2F@9ae57adda23d650af1c7e8b7260f73db053a6327