Security audit

HotTrender Basic Crawler

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local trend-crawler skill; its optional TikTok mode uses session tokens and browser automation, so users should enable that part deliberately.

Install only if you want a local crawler that makes web requests and writes local reports. Use the default Google, YouTube, and X providers first. Enable TikTok only intentionally, avoid sharing or committing TIKTOK_MS_TOKEN, cookies, or proxy credentials, and avoid untrusted proxies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 84% confidence
Finding: The skill description narrows scope to a lightweight crawler and explicitly excludes several features, but the referenced behavior includes runtime installation/bootstrap and potentially broader provider scraping support than the description suggests. This mismatch is dangerous because reviewers or users may authorize the skill under an incomplete understanding of what it can do, leading to over-trust and execution of code paths with filesystem modification and network scraping capabilities.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The provider goes beyond a lightweight trend crawler by creating authenticated Playwright-backed scraping sessions, accepting cookies, ms_token, and proxy credentials, and tuning browser behavior to improve access to TikTok. In this skill context, that meaningfully increases risk because it enables credentialed scraping and anti-detection behavior that is broader than the declared scope and can expose secrets or violate platform access controls.

Context-Inappropriate Capability

Medium

Confidence: 84% confidence
Finding: Reading TIKTOK_MS_TOKEN from the environment introduces use of ambient credentials that are not evident from the skill's stated lightweight crawler purpose. This is dangerous because the code can silently consume sensitive authentication material present in the runtime and use it for outbound scraping, expanding access beyond what a caller may expect.

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The code monkey-patches Playwright internals globally to alter navigation and load-state behavior, explicitly to make scraping more resilient under difficult network conditions. This is risky because global runtime patching can affect unrelated browser automation in the same process, obscure normal security boundaries, and signals deliberate anti-detection/evasion behavior beyond the manifest's limited crawler scope.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The skill enables implicit invocation with no visible trigger constraints, so the platform may auto-select and run this crawler in situations the user did not clearly intend. For a skill that performs external data fetching, ambiguous activation increases the chance of unintended network access, incorrect tool use, and accidental disclosure of user queries to third-party targets.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README instructs users to export a TikTok session token (`TIKTOK_MS_TOKEN`) to enable scraping, but it does not warn that this value is a sensitive authenticated credential that can grant access tied to a real account/session. In practice, users may paste long-lived tokens into shell history, shared terminals, logs, screenshots, or commit them into `.env` files, increasing the chance of credential leakage and account misuse.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal