抖音返利管家

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Douyin rebate reporting skill whose sensitive order and coupon data use is clear from its stated purpose.

Install only if you are comfortable using an assistant to organize Douyin order, coupon, creator, and commission details. Prefer manually selected data or limited exports, and do not provide account passwords, session tokens, or broad account access unless a future version clearly explains and limits that access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill describes automatic synchronization of rebate orders plus analytics over purchase sources, influencers, and coupon usage, which implies collection and processing of potentially sensitive shopping and behavioral data. Without any disclosure, consent, minimization, or access-control guidance, users may expose detailed consumption profiles and affiliate data beyond what they reasonably expect.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal