Security audit

Toutiao Operations Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only Toutiao operations assistant whose account automation is disclosed and aligned with its stated purpose, but users should control credential use and approve live posts.

Install only if you want an agent to help operate a real Toutiao account. Use a dedicated account if possible, do not paste passwords into prompts or files, review drafts and covers before release, and require explicit approval before any browser-driven publishing or scheduled posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The document assigns an agent to perform browser automation publishing and to track platform metrics, but it does not disclose operational risks such as unintended posting, account actions, credential exposure, or privacy implications from collecting and handling engagement data. In an agent skill context, normalizing automated publishing without guardrails increases the chance that a downstream implementation will act on external platforms with insufficient user consent, review checkpoints, or rate/permission controls.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly promotes browser automation for posting and requires configuring a Toutiao account with credentials, but it provides no warning, consent flow, or security guidance around credential handling and automated account actions. In this context, that omission is risky because users may grant account access or trigger posting automation without understanding platform-policy, account-lockout, or unauthorized publishing consequences.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.