ClawHub

Browser Douyin Post

Security checks across malware telemetry and agentic risk

Overview

This skill is intended to post to Douyin, but it gives an agent live browser-account publishing authority without a clear final confirmation and includes an unsafe navigation-bypass instruction.

Install only if you are comfortable letting an agent control a logged-in Douyin Creator Center browser session. Use a dedicated Chrome profile or account, verify the exact media file, title, destination account, and visibility before publishing, and close Chrome remote debugging after use. Treat the navigation-bypass instruction as a reason to review carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to use JavaScript evaluation to change window.location.href specifically to avoid built-in SSRF protections on the normal navigate action. Deliberately bypassing a safety control is dangerous because it normalizes a pattern that can be repurposed to reach unintended destinations or evade platform guardrails, even if the immediate example targets a legitimate site.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation text is broad enough that ordinary requests to post or upload to Douyin may invoke a skill that performs account actions in a live logged-in browser session. In this context, broad triggering increases the chance of unintended invocation and accidental posting, especially because the skill culminates in an irreversible publish step.

Missing User Warnings

High
Confidence
96% confidence
Finding
The workflow and example proceed directly to clicking the publish button without an explicit user warning or confirmation immediately before the irreversible action. Because this skill operates on a logged-in creator account and can publicly post content, the lack of a final confirmation materially raises the risk of accidental or unauthorized publication.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal