ClawHub

douyin push video

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it keeps Douyin account tokens in plaintext and can publish to a real social account with weak safeguards.

Review carefully before installing. Use this only if you are comfortable granting automated Douyin posting access. Prefer short-lived environment variables or a secret manager over storing tokens in .env, keep .env out of source control, revoke or rotate tokens after use, and confirm the exact account, video, caption, and visibility before running the posting script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs writing user-provided openId and accessToken into a persistent .env file, which converts transient credentials into locally stored secrets. That increases the attack surface because tokens may be exposed through source control mistakes, local compromise, logs, backups, or later reuse outside the user's immediate intent.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill tells the agent to store sensitive credentials persistently and even says they will be kept for future use, but it does not warn the user about persistence, local secret exposure, or safer alternatives. This is dangerous because users may provide production OAuth tokens without realizing they are being retained in plaintext on disk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes exchanging an authorization code for access credentials and then outputting or storing those credentials without a user-facing warning about secret sensitivity. Fresh OAuth tokens are highly sensitive because anyone with access may act on the user's Douyin account until the token expires or is revoked.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script prints OAuth access credentials, including access_token and potentially refresh_token, directly to stdout. In CLI and agent environments, stdout is often captured in terminal scrollback, CI logs, telemetry, chat transcripts, or debugging output, which can expose reusable bearer tokens to unintended parties.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Persisting OAuth tokens into the project .env file stores long-lived credentials in plaintext on disk, where they may be accidentally committed, copied into backups, or read by other local processes and tools. Because this skill is for posting to a real Douyin account, exposed tokens could let an attacker act on behalf of the user or application until revoked or expired.

Ssd 3

High
Confidence
99% confidence
Finding
This skill normalizes long-lived retention of user OAuth credentials in .env and explicitly states they will remain for future posting, creating persistent delegated account access. In the context of a posting skill, that is more dangerous than ordinary configuration guidance because the stored token can be reused later to post content or access account-scoped APIs without fresh user approval.

Ssd 3

High
Confidence
98% confidence
Finding
The skill tells the agent to output newly obtained open_id and access_token to the user or write them into project storage, which risks disclosure through terminal history, chat logs, screenshots, and local files. Because these are active OAuth credentials, exposure could enable unauthorized posting or other actions on the connected Douyin account.

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "dependencies": {
    "dotenv": "^16.4.5",
    "form-data": "^4.0.0"
  }
}
Confidence
94% confidence
Finding
"form-data": "^4.0.0"

Known Vulnerable Dependency: form-data==4.0.0 — 1 advisory(ies): CVE-2025-7783 (form-data uses unsafe random function in form-data for choosing boundary)

Critical
Category
Supply Chain
Confidence
98% confidence
Finding
form-data==4.0.0

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal