Douyin Video Downloader

Security checks across malware telemetry and agentic risk

Overview

This is a clear Douyin download guide, but it suggests using logged-in browser cookies without enough safety limits or warnings.

Review before installing. Use it only for videos you are allowed to save, avoid private or sensitive links, and do not let an agent access your logged-in Douyin browser profile or cookies unless you explicitly approve the exact local action and understand the account-session risk.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs users to submit Douyin video URLs to third-party parsing services, which exposes user activity and requested content to external operators without any privacy, trust, or data-handling warning. In this context, the service is explicitly used to bypass platform restrictions, increasing the chance that users rely on unvetted sites that may log URLs, fingerprint users, serve malware, or abuse submitted links.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill recommends browser automation using a logged-in Douyin session cookie but provides no warning that authenticated browser sessions and cookies are highly sensitive credentials. This can lead users to expose active session tokens to automation tooling or third-party services, enabling account takeover, unauthorized access, or misuse of private data if the session is leaked or mishandled.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal