https://clawhub.ai/api/v1/skills/tiktok-search/file?path=SKILL.md&version=1.1.22
github.com/clawhub.ai/tiktok-search
Scanned Thu, 28 May 2026 15:55:20 GMT
Scan ID crawl-n2vai4fy66qratm2f8z6ecit · 2ms
C
SCORE 55 / 100
Verdict: Proceed with caution
11 medium findings.
This skill ships without a capability manifest plus 10 other issues listed below.
0 critical0 high11 medium1 rules passed
Why grade C?
score · 55 / 100The current grade reflects 11 medium findings (6+ MEDs → C).
0 CRIT0 HIGH11 MED0 LOW
To reach a higher grade
- BReach Btarget score 75
Resolve 6 of 11 MED (cap is 5).
- AReach Atarget score 95
Resolve 9 of 11 MED (cap is 2).
Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.
Findings · ordered by severity
medNo capability manifest declaredThe skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.rule: no-manifest▾
No capability manifest declared
The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.
rule:
no-manifestmedLink text shows "readme.md" but points at github.comThe visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "readme.md" but points at github.com
The visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
30
31Need the full step-by-step setup guide? Read:
32[README.md](https://github.com/gecho-ai/gecho-bridge/blob/main/README.md)← text→readme.md · href→github.com
33
34### If you installed this from ClawHub as a Skill
medLink text shows "readme.md" but points at github.comThe visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "readme.md" but points at github.com
The visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
90- TikTok blocked or stuck: solve any CAPTCHA or login wall in the browser first.
91- Insight still running: wait and then ask the AI to call `check_insight_status`.
92- Need the full installation tutorial: [README.md](https://github.com/gecho-ai/gecho-bridge/blob/main/README.md)← text→readme.md · href→github.com
93
94---
medLink text shows "readme.md" but points at github.comThe visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "readme.md" but points at github.com
The visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
1121. If the user wants to use this skill for the first time and there has been no successful Gecho tool call in the current conversation, you MUST assume the environment may be unconfigured and first perform a readiness check.
113 - Tell the user they need to finish the initial setup first.
114 - Provide the full installation guide: [README.md](https://github.com/gecho-ai/gecho-bridge/blob/main/README.md)← text→readme.md · href→github.com
115 - Remind them to:
116 - Configure MCP server (provide the `openclaw mcp set` command if using OpenClaw, or the `hermes mcp add` command if using Hermes).
medLink text shows "readme.md" but points at github.comThe visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "readme.md" but points at github.com
The visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
119 - **Community Support**: Suggest joining the [Discord](https://discord.gg/RFDVZMR6Tn) or scanning the [WeChat QR Code](https://github.com/gecho-ai/gecho-bridge/blob/main/qywx.jpg) for real-time help.
120 - DO NOT try to verify readiness by running `npx`, `which node`, `npm`, `curl`, browser navigation, Python scripts, or third-party scrapers.
1212. If the user says they installed the Skill from ClawHub but tool usage fails, explicitly tell them that the Skill page alone is not enough and they must configure the `gecho-bridge` MCP server. Always include the tutorial link: [README.md](https://github.com/gecho-ai/gecho-bridge/blob/main/README.md)← text→readme.md · href→github.com
1223. When setup appears missing, use the primary MCP configuration command for the user's client: `openclaw mcp set` for OpenClaw, or `hermes mcp add` for Hermes. Mention the OpenClaw plugin route only as an optional alternative when the user explicitly wants plugin-based management.
1234. When setup appears confusing or the user asks for full installation steps, send them this official guide:
medLink text shows "readme.md" but points at github.comThe visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "readme.md" but points at github.com
The visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
1223. When setup appears missing, use the primary MCP configuration command for the user's client: `openclaw mcp set` for OpenClaw, or `hermes mcp add` for Hermes. Mention the OpenClaw plugin route only as an optional alternative when the user explicitly wants plugin-based management.
1234. When setup appears confusing or the user asks for full installation steps, send them this official guide:
124 [README.md](https://github.com/gecho-ai/gecho-bridge/blob/main/README.md)← text→readme.md · href→github.com
1255. **Feedback Loop**: Always encourage users to report issues or share feedback in the [Discord](https://discord.gg/RFDVZMR6Tn) or [WeChat Group](https://github.com/gecho-ai/gecho-bridge/blob/main/qywx.jpg).
126
medLink text shows "readme.md" but points at github.comThe visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "readme.md" but points at github.com
The visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
202 - Remind them that they also need the Gecho Chrome extension plus a logged-in TikTok tab.
203 - Also include the full setup guide:
204 [README.md](https://github.com/gecho-ai/gecho-bridge/blob/main/README.md)← text→readme.md · href→github.com
205 - **Support**: Suggest joining the [Discord](https://discord.gg/RFDVZMR6Tn) or [WeChat Group](https://github.com/gecho-ai/gecho-bridge/blob/main/qywx.jpg) if setup still fails.
2061. **Error: "MCP error -32001: Request timed out"**
medLink text shows "readme.md" but points at github.comThe visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "readme.md" but points at github.com
The visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
208 - Tell the user to check Chrome for a CAPTCHA, login wall, or a stuck TikTok page.
209 - If the user is still unsure about the environment, also send the full setup guide:
210 [README.md](https://github.com/gecho-ai/gecho-bridge/blob/main/README.md)← text→readme.md · href→github.com
211 - **Support**: Suggest joining the [Discord](https://discord.gg/RFDVZMR6Tn) or scanning the [WeChat QR Code](https://github.com/gecho-ai/gecho-bridge/blob/main/qywx.jpg) for help.
2122. **Error: "Chrome extension not found/connected"**
medLink text shows "readme.md" but points at github.comThe visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "readme.md" but points at github.com
The visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
214 - Include the extension link: [Gecho Extension](https://chromewebstore.google.com/detail/pjkaeenpekolahdbccjfenjcmanemlbj?utm_source=item-share-cb)
215 - Also include the full setup guide:
216 [README.md](https://github.com/gecho-ai/gecho-bridge/blob/main/README.md)← text→readme.md · href→github.com
217 - **Support**: Suggest joining the [Discord](https://discord.gg/RFDVZMR6Tn) or [WeChat Group](https://github.com/gecho-ai/gecho-bridge/blob/main/qywx.jpg).
2183. **Error: tool not found / MCP server missing**
medLink text shows "readme.md" but points at github.comThe visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "readme.md" but points at github.com
The visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
229 ```
230 - Also include the full setup guide:
231 [README.md](https://github.com/gecho-ai/gecho-bridge/blob/main/README.md)← text→readme.md · href→github.com
232 - **Support**: Suggest joining the [Discord](https://discord.gg/RFDVZMR6Tn) or [WeChat Group](https://github.com/gecho-ai/gecho-bridge/blob/main/qywx.jpg) for configuration help.
2334. **Error: service timeout**
medLink text shows "readme.md" but points at github.comThe visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.▾
Link text shows "readme.md" but points at github.com
The visible link text contains the domain `readme.md`, but the URL actually targets `github.com`. This is a phishing/smuggling pattern — the reader sees one host, the agent fetches another. Either update the text or the URL so they match.
300
301Full setup guide:
302[README.md](https://github.com/gecho-ai/gecho-bridge/blob/main/README.md)← text→readme.md · href→github.com
303
304---
skillox.io/r/crawl-n2vai4fy66qratm2f8z6ecit