Douyin Traffic Allocation Dashboard (抖音流量分配大盘)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed API-backed Douyin traffic dashboard skill with some privacy and auto-invocation cautions, but no evidence of hidden, destructive, or deceptive behavior.

Install only if you are comfortable using an AI Skills API key and sending invocation parameters and tenant metadata to ai-skills.ai or the configured base URL. Prefer explicit invocation for Douyin traffic-distribution tasks, and avoid placing confidential business or personal data in parameters unless you trust the service’s handling of that data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill requires environment variables and explicitly instructs users to invoke a Python runner that sends data to an external API, but it does not declare corresponding permissions. This creates a transparency and governance gap: hosts or users may not realize the skill can access secrets and perform network egress, increasing the risk of unintended data exposure or policy bypass.

Description-Behavior Mismatch

Severity: Medium
Confidence: 83%
Finding: The file is effectively a thin remote execution client that forwards user parameters to an external service rather than performing the described analytics locally. This creates a trust and transparency gap: users may believe they are invoking a local analysis skill when they are actually sending data off-box to a remote backend, which can expose sensitive inputs and shift the security boundary unexpectedly.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The documentation states that runner parameters are sent to the AI Skills API, but it does not clearly warn users that their input may be transmitted to a third-party service. Because this skill is intended to analyze business background and goal-related inputs, users may supply commercially sensitive or personal data without informed consent, creating a real data leakage and compliance risk.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The manifest enables implicit invocation without defining any trigger constraints, so the skill may be auto-selected in situations broader than intended. This can cause the agent to invoke a data-analysis skill on loosely related user requests, increasing the risk of prompt-scope confusion, unintended data handling, or misleading outputs in security-sensitive or privacy-sensitive contexts.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The runner sends user-supplied params together with tenant metadata to a remote endpoint without any visible disclosure, consent flow, or redaction step. For an analytics-oriented skill, users may provide business-sensitive materials, so undisclosed transmission to a third-party service increases privacy and data handling risk even though transport uses HTTPS.

VirusTotal

64/64 vendors flagged this skill as clean.
