Douyin Video Analyst

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised Douyin transcript workflow, but it asks agents to inspect local MCP config files and handle API keys in ways that can expose secrets.

Review before installing. Use this only if you trust mcporter, douyin-mcp, and the configured API providers with the Douyin URLs and transcripts you process. Avoid running troubleshooting commands that print full MCP configuration unless secrets are redacted first, and prefer keeping API keys in managed environment configuration rather than copying them into command lines or shared logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill instructs the agent to read local MCP configuration files under the user's home directory and enumerate configured environment keys to determine which API credential is present. Accessing local config data is not necessary to fulfill the user-facing task of collecting Douyin video links and analyzing transcripts, and it expands the skill's privilege to inspect potentially sensitive local state.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill tells the agent to extract and place API keys into shell command lines for external calls. This creates unnecessary credential handling and increases exposure through command history, process listings, logs, tool transcripts, and accidental output, all beyond what is required for a transcript-analysis workflow.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill directs inspection of local configuration files and enumeration of environment key names without any user notice or consent flow. Even if only key names are listed, the action reveals private workstation configuration and normalizes local data access unrelated to the immediate user request.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs the use of API credentials in networked extraction commands without warning that user data and secrets are involved in outbound requests. This is dangerous because it can send video targets and potentially expose credentials through execution artifacts while the user is not informed of the data flow.

Missing User Warnings

Medium
Confidence: 90%
Finding
The setup guide instructs users to place live API keys directly into persistent local configuration files and shell commands, but provides no warning about secret handling, redaction, least-privilege use, or avoiding commits/log leakage. In this skill context, users are explicitly configuring third-party services for automated scraping/transcription, so mishandling these credentials could expose paid API access or allow unauthorized use of the user's account.

VirusTotal

65/65 vendors flagged this skill as clean.
