TikTok Ads CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed TikTok Ads reporting helper, with documentation clarity issues but no evidence of hidden or destructive behavior.

Before installing, verify the npm package and prefer a pinned version. Use a least-privileged TikTok OAuth token, avoid exposing secrets in chat or logs, confirm advertiser IDs and report date ranges before running commands, and require explicit confirmation for any command outside the documented read/report/list workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium (91% confidence)
Finding
The skill describes the CLI as read-only while also saying it can 'manage custom and lookalike audiences,' which implies operations beyond passive data retrieval. This mismatch can cause the agent or user to authorize the skill under a false safety assumption, increasing the risk of unintended state-changing actions against an ad account.

Intent-Code Divergence

Medium (94% confidence)
Finding
The inline documentation is internally inconsistent: it labels the tool read-only while instructing use for audience management. Contradictory capability statements are security-relevant because they can mislead downstream agents into executing riskier operations than the user or platform expects.

Missing User Warnings

Medium (82% confidence)
Finding
The skill does not clearly warn that use of the CLI sends advertiser IDs, reporting parameters, and account-linked data to the TikTok Marketing API. In a security-sensitive agent context, lack of disclosure can lead to unintentional third-party data sharing and inadequate user consent around external transmission of business data.

VirusTotal

63/63 vendors flagged this skill as clean.