ClawHub

Tikhub Social Media

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad TikHub social-media API caller that mostly fits its purpose, but it exposes sensitive and action-oriented endpoints without enough boundaries.

Install only if you trust the publisher and TikHub with your queries and identifiers. Use a dedicated TikHub API key, monitor credit usage, and do not provide social-media cookies, SSO tokens, browser session data, or login artifacts unless you have reviewed the exact endpoint and accept the account and privacy risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (22)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly relies on environment variables and outbound network access to a third-party API, yet it does not declare corresponding permissions. This creates a transparency and governance gap: operators and users may not realize the skill can transmit user-supplied queries and retrieved data externally, undermining policy enforcement and review.

Description-Behavior Mismatch

Medium
Confidence
83% confidence
Finding
The documentation broadens the skill from general read-only social-media lookup into ad, creator, analytics, and shop-related endpoints, which materially expands data-access scope beyond the stated use case. That mismatch can cause the agent to invoke higher-sensitivity or commercially sensitive APIs without clear user expectation or authorization boundaries.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The reference includes an endpoint to increase a post's view count, which is not passive data retrieval and directly enables metric manipulation. In a skill explicitly described as retrieval-only and not for posting/interaction actions, exposing this capability creates misuse risk such as artificial engagement inflation and platform abuse.

Description-Behavior Mismatch

Low
Confidence
79% confidence
Finding
Share-link and short-URL generation endpoints exceed the stated read-only purpose of the skill and introduce action-oriented behavior not necessary for social data retrieval. While lower risk than direct posting or engagement actions, they can still facilitate link laundering, tracking, or unauthorized content redistribution workflows.

Description-Behavior Mismatch

Medium
Confidence
82% confidence
Finding
Endpoints that fetch user collections/favorites expand the skill from basic public content lookup into potentially more privacy-sensitive behavioral data access. This is riskier than the manifest suggests because collections can reveal preferences, interests, or non-obvious relationships about a user.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This reference documents non-read-only Douyin capabilities such as increasing video play counts and generating deep links to open the app and initiate private-message flows, which exceeds the skill's declared purpose of social-media data retrieval. In an agent setting, exposing such endpoints creates a path for engagement manipulation or unsolicited user-directed actions, especially if the model can select tools based on user prompts without strong policy gating.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The documented ability to generate guest cookies, msToken, ttwid, verify_fp, X-Bogus, A-Bogus, and related signatures indicates support for session bootstrapping and anti-bot bypass mechanics rather than simple data querying. In a skill intended for benign social-media lookup, these capabilities materially increase abuse potential by enabling automated access patterns that may evade platform protections.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The reference explicitly exposes a LinkedIn user contact-information endpoint, which increases access to sensitive personal data beyond ordinary public post/profile retrieval. In an agent setting, this can enable privacy-invasive enrichment, unwanted profiling, or collection of contact details without clear consent boundaries or sensitivity controls.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This reference documents SSO login QR code, login status/auth flows, guest-cookie issuance, and device registration, which materially exceed the skill's declared read-only social-data retrieval purpose. In an agent context, exposing account/session-establishment capabilities can enable credential capture, unauthorized session creation, or account access workflows that users would not reasonably expect from a passive analytics skill.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The documented endpoints for generating msToken, fingerprints, webid, ttwid, XBogus, and XGnarly are anti-bot/signature-evasion primitives rather than ordinary social-data queries. In practice, these capabilities can be used to impersonate clients, bypass platform protections, and facilitate unauthorized automation, making them especially risky inside an agent skill.

Description-Behavior Mismatch

Critical
Confidence
99% confidence
Finding
The reference includes interaction/manipulation features such as increasing video play count and generating deep links to send private messages, directly contradicting the manifest's claim that the skill is not for posting or interaction actions. This mismatch is dangerous because it creates hidden capability for engagement manipulation or user-contact actions under the guise of a read-only retrieval tool.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Cryptographic and login-request transformation endpoints, including app encryption helpers and login request body encryption/decryption, are unrelated to simple data retrieval and can support credential abuse or reverse-engineered authentication workflows. In a skill marketed for social media querying, these hidden low-level auth helpers substantially raise the risk of misuse and bypass of platform controls.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The reference exposes cookie acquisition and signing-related endpoints that materially expand the skill from passive social-data lookup into credential/session handling and request-signing behavior. In an agent setting, undocumented auth-adjacent capabilities are risky because they can be used to obtain session artifacts or generate signed requests outside the user's expected consent boundary.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger/use guidance is very broad, covering nearly any request to search social media, fetch platform data, analyze content, or retrieve influencer information. Overbroad invocation criteria increase the chance the agent selects this skill for loosely related requests, causing unnecessary external data transfer and use of a third-party service when a narrower or safer option may exist.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises access to profiles, followers, comments, live streams, and creator analytics, but does not prominently warn that these requests are sent to TikHub, a third-party external service. Because these data types can be privacy-sensitive or regulated in some contexts, lack of disclosure and consent increases the risk of inappropriate collection, transmission, and downstream use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference broadly exposes profile, follower, following, collection, and recommendation endpoints across many platforms without any privacy notice, consent guidance, or usage constraints. That creates a realistic risk of large-scale profiling, relationship mapping, and surveillance-like use, especially because the skill aggregates these capabilities in one place.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The reference asks users to provide Douyin web cookies for certain endpoints but gives no warning that cookies are authentication material that can expose account data or enable account-backed actions. In an agent workflow, users may paste live session cookies without understanding the credential and privacy risks, creating a realistic chance of account compromise or overcollection.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Multiple recommendation endpoints accept user-supplied cookies while lacking any disclosure that these cookies may correspond to authenticated sessions and expose private account context. Because the skill is framed as data retrieval, this mismatch makes it easier for operators or users to normalize credential submission for convenience, increasing privacy and account-access risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
Audience portraits, fan portraits, and interest/search analytics can reveal or infer demographic, behavioral, and preference information about individuals or groups, yet the reference includes no privacy warning or usage constraints. In a social-media analysis skill, this context makes profiling features more likely to be used at scale, raising misuse, surveillance, and compliance concerns.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation presents access to user contact information and detailed profile data with no privacy warning, usage restriction, or consent guidance. In a skill meant for broad social-media querying, that omission makes misuse more likely because an agent may treat sensitive personal data as routine content retrieval.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The reference explicitly describes endpoints that take cookies and other sensitive session-related inputs without warning users about privacy, account security, or the risk of sharing authentication material. In an agent setting, this omission is dangerous because users may provide credentials or session tokens to an apparently benign analytics skill, enabling account compromise or unauthorized tracking.

Missing User Warnings

High
Confidence
90% confidence
Finding
Documenting cookie- and token-related endpoints without any warning about credential sensitivity is dangerous because agents or integrators may treat session cookies, xsec_token values, and signing flows as ordinary parameters and log, persist, or reuse them insecurely. In this skill context, that is more dangerous because the manifest frames the skill as simple read-only social-media retrieval, reducing operator suspicion around auth-sensitive operations.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal