Douyin Reverse Engineer

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-run video downloader and AI analyzer with third-party video processing that is mostly disclosed and aligned with its purpose.

Install only if you are comfortable using your ARK_API_KEY and sending chosen videos or downloaded media to Volcengine/Doubao and downloader helper services. Use a dedicated output directory, avoid sensitive private videos, and review or install the referenced downloader/analyzer skills before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill declares no permissions, yet its metadata and documented usage clearly require environment access, shell execution, and file operations. This creates a transparency and consent problem: users or orchestration systems may invoke a skill with broader capabilities than expected, increasing the risk of unintended local file access, command execution, or secret exposure.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding: The declared description says the skill reverse-engineers Douyin videos into prompts/storyboards, but the documented behavior is materially broader: it can process local files, download from arbitrary URLs/platforms, perform download-only actions, rewrite content into a new style, and send videos to an external ARK service. This mismatch is dangerous because users may authorize the skill for a narrow task while it performs broader data handling and network transfer than advertised.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding: The skill description says it reverse-engineers Douyin videos, but this code supports arbitrary non-Douyin URLs and invokes a general-purpose downloader. That scope expansion increases attack surface, can be abused to fetch untrusted remote media from many platforms, and may violate user or platform expectations about what the skill is allowed to do.

Context-Inappropriate Capability

Medium
Confidence: 86%
Finding: The skill launches an external yt-dlp-based downloader despite being presented as a reverse-engineering analyzer. Pulling in external download tooling for arbitrary URLs materially increases the trust boundary, network exposure, and content-handling risk beyond a narrowly described analysis function.

Vague Triggers

Medium
Confidence: 78%
Finding: The trigger description includes broad phrases such as video analysis, prompt reverse-engineering, and game rewriting, which may match ordinary user requests beyond the intended narrow Douyin workflow. Overbroad triggering can cause the skill to activate unexpectedly, leading to accidental processing of local media, network downloads, or external uploads without clear user intent.

Missing User Warnings

Medium
Confidence: 96%
Finding: The documentation states that an ARK API key is required for analysis, but it does not clearly warn that supplied video URLs or local video files may be transmitted to an external AI analysis service. This is a meaningful privacy and data-governance issue, especially for local videos that may contain sensitive or proprietary content users did not intend to upload.

VirusTotal

67/67 vendors flagged this skill as clean.
