Douyin Private Message Sending (抖音私信发送)

Security checks across malware telemetry and agentic risk

Overview

This skill appears built to send Douyin private messages, but it can use an existing logged-in browser session and send messages without a clear final confirmation step.

Install only if you intentionally want an agent to send Douyin private messages from your logged-in account. Before use, require a clear confirmation step showing the resolved recipient, account context, and exact message text; consider using an isolated browser profile or fresh login instead of a persistent personal profile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium severity, 95% confidence
Finding
The script launches Playwright with a hard-coded persistent browser profile directory, which reuses an existing logged-in Douyin session without any explicit consent or runtime verification. This grants the script direct access to the user's authenticated account and stored session state, making unauthorized messaging or broader account actions possible if the skill is invoked unexpectedly or modified.

Vague Triggers

Medium severity, 88% confidence
Finding
The trigger phrases are broad enough to activate on common conversational requests such as '给 xxx 发消息' (roughly "send a message to xxx") or 'douyin send message', which can cause the agent to start a private-message workflow without a sufficiently explicit, platform-specific confirmation. In a skill that performs outbound communication on the user's behalf, overbroad triggering increases the risk of accidental invocation, unintended contact selection, and unauthorized message sending.

Missing User Warnings

Medium severity, 94% confidence
Finding
This skill automates sending private messages from the user's account but does not require a user-facing warning or explicit confirmation immediately before dispatch. Because it can resolve recipients from memory and then send via browser automation, mistakes in recipient matching, prompt interpretation, or message content could result in unauthorized or misdirected communications with privacy, reputational, and social-engineering consequences.

Missing User Warnings

Medium severity, 94% confidence
Finding
Accessing a persistent browser profile silently leverages stored cookies and login state, but the script provides no user-facing warning that it will use existing session data. In a message-sending skill, this reduces transparency and can cause users to unknowingly authorize actions from their real account context.

Missing User Warnings

Medium severity, 90% confidence
Finding
The script sends the direct message immediately by pressing Enter once text is filled, with no confirmation or review step before an irreversible external action. Because this skill automates messaging on a live social account, accidental invocation, wrong recipient selection, or malicious upstream input can result in unintended communications from the user.

VirusTotal

63/63 vendors flagged this skill as clean.