Back to skill

Security audit

Douyin Hot Trend

Security checks across malware telemetry and agentic risk

Overview

The main Douyin trend fetcher is coherent, but bundled helper scripts add under-disclosed Telegram routing and an unsafe shell-command pattern.

Review before installing. The documented command node scripts/douyin.js hot [number] is aligned with fetching public Douyin trends, but avoid scripts/get-hot-trend.js unless the limit is strictly numeric and trusted. Remove or edit cron-job.js unless you explicitly want Telegram-style scheduled output, and replace the hard-coded chat ID with user-controlled configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill is ներկայացված as a simple Douyin hot-trend fetcher, but the finding indicates additional undeclared behavior: generating Telegram channel messages, embedding fixed Telegram chat/channel identifiers, and writing multiple local output/debug files. That mismatch is security-relevant because it can enable covert data exfiltration, unauthorized messaging, or persistence/logging beyond the user's expected scope, especially when these capabilities are not disclosed in the skill documentation.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill description says it retrieves Douyin hot-trend data, but the code is explicitly designed as a scheduled Telegram delivery job and prepares outbound messaging content. This hidden or undocumented secondary behavior expands the skill's operational scope and can cause unintended exfiltration or misuse in environments that expect read-only data retrieval.

Description-Behavior Mismatch

Low
Confidence
84% confidence
Finding
The code persists generated message content and structured output to local files even though the skill description only mentions fetching and outputting hot-trend data. Undocumented file writes create unnecessary data retention, may expose chat metadata or scraped content to other local processes, and broaden the skill's side effects beyond user expectations.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill hardcodes Telegram-specific metadata including a concrete chat_id and channel, tying the output to a specific external destination unrelated to the stated retrieval-only purpose. Hardcoded external routing can send content to an unintended recipient, creates hidden data-flow to a third party, and makes redeployment unsafe because operators may unknowingly reuse the same destination.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
cron-job.js:16

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/get-hot-trend.js:16