ClawHub

Douyin Video Forge

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its video-production purpose, but it needs Review because it can create ongoing scheduled jobs, automate scraping/downloads, and overwrite its install directory without enough user control.

Install only if you are comfortable with Douyin browsing/scraping, local video downloads and processing, optional Kling API uploads/costs, and multi-day scheduled automation. Before using multi-day publishing, verify exactly what job will be written, how to disable it, and whether API credits may be spent automatically; back up any local edits before reinstalling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill uses shell commands, environment variables, and network access but does not declare explicit permissions or warn users about these capabilities. This weakens consent and review boundaries, making it easier for the skill to perform impactful local or remote actions without clear user awareness.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented purpose focuses on Douyin collection and video generation, but the skill also performs local transcription, frame extraction, connectivity checks, and remote media downloads to temporary files. These additional behaviors expand the attack surface and data handling scope beyond what a user might reasonably expect from the description.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The document claims compliance with Douyin robots.txt and terms, yet elsewhere proposes anti-detection features such as fingerprint randomization, proxy rotation, cookie pools, and automated CAPTCHA handling. That inconsistency is security-relevant because it signals an intent to bypass platform controls and can mislead reviewers or users about the true operational behavior of the skill.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The PRD includes planned anti-detection scraping capabilities (Camoufox, fingerprint randomization, proxy rotation) and longer-term session/cookie pool management and CAPTCHA automation. These capabilities materially increase the skill's ability to evade service protections and scale unauthorized collection, which goes beyond a normal video-production workflow and creates clear abuse potential.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill instructs automatic creation of local Cron jobs for multi-day execution, introducing persistence on the host outside the immediate user session. Persistence increases risk because recurring tasks can continue making network calls, processing data, or consuming resources after the user may believe the interaction has ended.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The PRD describes browser collection from Douyin, local execution of yt-dlp/ffmpeg, and installation by copying files, but does not clearly warn users about network access, disk usage, content downloads, or modifications to the local OpenClaw skills directory. In a tool that automates browsing and media handling, missing operational warnings can lead to unexpected system changes or data usage and weakens informed consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The migration section states that reinstall will automatically clean old MCP-related files and instructs users to remove configuration entries, but it does not specify exactly what will be deleted or modified. Automatic cleanup of local files/config without a precise warning or backup guidance can cause unintended loss of local configuration and makes the installer behavior harder to audit safely.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly promotes browser scraping, video downloading, transcription, API-based generation, and local output, but it does not warn users about privacy implications, third-party data processing, platform/account enforcement risk, or legal/compliance considerations. In a skill that automates collection and processing of Douyin content, this omission can cause users to unknowingly handle personal or copyrighted data in ways that create security, privacy, or policy exposure.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The auto-activation trigger is very broad and may activate on common conversation topics unrelated to a deliberate request to run this workflow. In a skill that can invoke browser actions, shell commands, downloads, and external APIs, accidental activation materially raises the chance of unintended execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes creating Cron tasks and writing to a local jobs file without prominent disclosure of the user impact, persistence, or resource/network consequences. Silent or under-disclosed persistence is dangerous because it changes system behavior beyond the current session and can surprise users with ongoing automated activity.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow collects Douyin data via browser automation and sends prompts or media-related data to an external Kling API, but it does not clearly communicate privacy, data transfer, or third-party processing risks. Users may unknowingly expose browsing-derived content, project details, or media artifacts to external services.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The installer unconditionally deletes any existing skill directory with `rm -rf` before reinstalling, without prompting the user or creating a backup. This is dangerous because it can cause irreversible local data loss, especially if the existing directory contains user edits, cached assets, or configuration files not preserved elsewhere.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal