tiktok-crawling

Replace GitHub raw.githubusercontent.com references with pinned commit SHAs instead of branch names (e.g., /commit-sha/file instead of /main/file). Branch references are mutable.

Likely FP if the raw GitHub URL points to a versioned release tag in a well-known repository, though even tags are technically mutable.

Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.

Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

Validate cron expressions and scheduled commands against an allowlist. Ensure scheduled tasks cannot be modified by untrusted input and log all cron job changes.

Likely FP if the match is a documentation reference to crontab syntax or a short mention of cron in a description of scheduling concepts.

Replace direct shell script execution with a language-native implementation or a sandboxed executor. If shell scripts must run, restrict them to a vetted allowlist with integrity checks.

Likely FP if the match references running a script that is part of the skill's own repository (e.g., ./setup.sh) with clear, auditable contents.