
Security audit

Douyin Viral Breakdown

Security checks across malware telemetry and agentic risk

Overview

The skill is a Douyin video-analysis helper that openly fetches links, downloads media, extracts frames, and analyzes public video/comment data, with privacy and hardening gaps but no artifact-backed deception or destructive behavior.

Install only if you are comfortable with the agent fetching Douyin pages, downloading referenced videos, creating local video/frame files, and possibly sending image data or URLs to third-party services when those paths are used. Use it with public links, avoid sensitive content, prefer first-party parsing, and delete generated media files after analysis if retention matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Tainted flow: 'url' from requests.get (line 26, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X) AppleWebKit/605.1.15'
    }
    
    resp = requests.get(url, headers=headers)
    html = resp.text
    
    # Extract _ROUTER_DATA from the HTML
Confidence
93% confidence
Finding
resp = requests.get(url, headers=headers)

Tainted flow: 'url' from requests.get (line 26, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
"""Extract the video ID from a Douyin URL"""
    # Handle short links
    if 'v.douyin.com' in url:
        resp = requests.get(url, headers={
            'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X) AppleWebKit/605.1.15'
        }, allow_redirects=True)
        url = resp.url
Confidence
94% confidence
Finding
resp = requests.get(url, headers={ 'User-Agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X) AppleWebKit/605.1.15' }, allow_redirects=True)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill goes beyond aggregate video analysis and instructs collection of comment-level data including nicknames, IP labels, and timestamps. Even if publicly accessible, harvesting commenter identifiers and metadata is unnecessary for the stated task and increases privacy risk, profiling risk, and the chance of misuse or over-collection.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README states that the skill will automatically download videos and extract frames, but it does not warn users that sending a link triggers external network requests and local file creation. In an agent context, this can cause unexpected fetching of untrusted content and storage/processing of user-supplied media, increasing SSRF-style exposure, privacy concerns, and disk/resource abuse risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The technical implementation documents fetching share pages, parsing embedded data, obtaining a video URL, and downloading the video, yet provides no warning or safeguards around external requests or handling untrusted remote content. In a skill that auto-activates on links, this makes the behavior more dangerous because a simple user message can trigger network access and media processing without clear consent or operational constraints.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill mandates downloading user-provided Douyin videos and running external tools like ffmpeg without a clear user warning. These actions affect the local system and may consume bandwidth, storage, and processing resources, while also expanding the attack surface through handling untrusted media and shell-invoked tooling.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill suggests using third-party parsing APIs for user-supplied Douyin links or identifiers but does not clearly warn that these inputs may be sent off-platform. This can leak user-provided URLs, video identifiers, and possibly associated metadata to external services without informed consent or vendor review.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The code base64-encodes a locally stored image and transmits it to an external vision API without any visible consent, warning, minimization, or policy gate in this file. In a skill that processes user-submitted content, this can expose user data to a third party unexpectedly and may violate privacy, compliance, or platform data-handling expectations.

VirusTotal

66/66 vendors flagged this skill as clean.
