douyin-spark

Security checks across malware telemetry and agentic risk

Overview

This skill is openly built to automate Douyin private messages, but it gives broad bulk messaging authority without clear confirmation, preview, or account-risk safeguards.

Install only if you are comfortable letting an agent act inside your logged-in Douyin chat. Review the contact file first, avoid unattended cron/HEARTBEAT runs, require a preview of recipients and message text before every send, and do not rely on the package’s claims that automation is safe from rate limits or bans.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers (Medium)
Confidence: 91%
Finding: The documented conversational triggers are broad natural-language phrases such as '帮我续火花' and '给火花联系人发消息', which could overlap with ordinary chat intent and cause the agent to send outbound messages without a sufficiently explicit confirmation step. In the context of a skill that performs real actions on a user's social account, ambiguous activation increases the risk of unintended messaging, spam-like behavior, and privacy-impacting contact interactions.

Missing User Warnings (Medium)
Confidence: 94%
Finding: The README promotes automatic message sending and contact-list management but does not prominently warn users that the skill will send messages to real contacts and persist modifications in a file under ~/.openclaw/workspace/memory. Missing disclosure undermines informed consent and makes accidental account actions more likely, especially when the skill can be scheduled via cron for recurring execution.

Missing User Warnings (Medium)
Confidence: 95%
Finding: The skill automates sending direct messages to contacts and storing a contact list without any consent, privacy notice, recipient verification, or rate/abuse safeguards. In context, this is more dangerous because it targets real user relationships on a live messaging platform, creating spam, privacy, and account-enforcement risks if the agent messages people automatically or at scale.

Missing User Warnings (Medium)
Confidence: 84%
Finding: The skill is designed to facilitate outbound messaging to real external contacts and presents a ready-to-follow workflow without an explicit confirmation, consent, or warning about sending messages on the user's behalf. In an agent setting, that increases the chance of unintended spam, harassment, or privacy-impacting communications if an assistant follows the instructions automatically.

Missing User Warnings (Medium)
Confidence: 94%
Finding: The skill explicitly directs daily outbound messaging to all listed contacts and even provides a canned message, but it does not require user confirmation, consent checks, or any privacy/safety guardrails. In context, these are likely real social contacts on Douyin, so automated or semi-automated messaging can affect third parties, create spam/harassment risk, and expose relationship data or behavioral profiling.

Vague Triggers (Medium)
Confidence: 95%
Finding: The invocation phrases are extremely broad (e.g. '帮我续火花', '给火花联系人发消息') and map to automated messaging behavior without requiring explicit scope, recipient selection, rate limits, or confirmation. In the context of a skill explicitly marketed for bulk automated Douyin messaging, this increases the likelihood of unintended mass actions, spammy behavior, privacy exposure, and platform-account enforcement.

Missing User Warnings (Medium)
Confidence: 93%
Finding: The description promotes bulk auto-messaging and 'AI 代聊' while failing to prominently warn about account bans, spam/abuse risks, unintended disclosure of contact data, and consent/privacy concerns. Because the surrounding text actively reassures users with '防限流设计' and '安全不封号', the omission is more dangerous: it downplays real risks and encourages unsafe deployment of an automation tool aimed at social messaging workflows.

Vague Triggers (Medium)
Confidence: 90%
Finding: The documentation suggests very broad natural-language triggers such as '帮我续火花' and '续火花,说:你好呀', which could be matched unintentionally during normal conversation. For an automation skill that sends messages on Douyin, accidental activation can cause unintended outbound actions, spam-like behavior, or privacy-impacting contact interactions.

VirusTotal

66/66 vendors flagged this skill as clean.