Low Risk — Risk Score 15/100
Last scan: 20 hr ago
twitter-video-downloader
Twitter Video Downloader - download Twitter/X videos, GIFs and audio (MP4/MP3), with support for 1080p, 2K, 4K and 8K HD downloads
Legitimate Twitter video downloader using yt-dlp with no malicious behavior detected - functionality matches documentation exactly.
Skill Name: twitter-video-downloader
Duration: 28.7s
Engine: pi
Safe to install
This skill is safe to use. No security concerns identified. The --output parameter allows arbitrary paths which is standard for download tools.

Findings: 1 item

Severity: Low
Finding: Configurable output directory (Priv Escalation)
Location: scripts/download.sh:31
The --output/-o parameter allows users to specify arbitrary output paths for downloaded files. This is standard functionality for download tools but could theoretically be used to write to any accessible directory.
    --output|-o)
      OUTPUT_DIR="$2"
→ Consider implementing path validation to restrict output to expected directories only, though this is not a security vulnerability for a legitimate download tool.

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares tools capability; scripts write to $HOME/Downloads/ |
| Network | READ | READ | ✓ Aligned | SKILL.md declares WebFetch equivalent; yt-dlp accesses Twitter/X URLs |
| Shell | WRITE | WRITE | ✓ Aligned | Shell scripts execute yt-dlp for video downloads |

19 findings (all Medium severity, type External URL, located in README.md, SKILL.md and scripts/download.sh)

File Tree

5 files · 17.7 KB · 733 lines
Markdown 2f · 415L Shell 3f · 318L
├─ 📁 scripts
│ ├─ 🔧 batch-download.sh Shell 72L · 1.6 KB
│ ├─ 🔧 download.sh Shell 170L · 3.8 KB
│ └─ 🔧 info.sh Shell 76L · 2.2 KB
├─ 📝 README.md Markdown 259L · 5.6 KB
└─ 📝 SKILL.md Markdown 156L · 4.5 KB

Dependencies 2 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| yt-dlp | * | external binary | No | Required external dependency, not included in package |
| ffmpeg | * | external binary | No | Required external dependency, not included in package |

Security Positives

✓ Uses only yt-dlp and ffmpeg - well-known legitimate open-source tools
✓ No credential harvesting or sensitive data access
✓ No base64 encoding or obfuscation detected
✓ No network requests to unexpected external hosts
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Documentation accurately describes all functionality
✓ Scripts have proper error handling with set -e
✓ URL validation prevents command injection via URL parameters
✓ Output is saved to user-controlled Downloads directory (standard behavior)