抖音官方入口

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple Douyin link navigator with no code execution, credentials, local file access, persistence, or destructive behavior.

This appears safe for basic link lookup, but verify the listed Douyin URLs yourself and do not assume the publisher is officially affiliated with Douyin just because the skill uses official-style wording.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill leaves the `When to Run` section empty, so an agent has no bounded activation criteria for when this skill should be invoked. In practice, this can cause overbroad or unintended triggering, which increases the chance of inappropriate web navigation or confusing outputs, especially in environments with multiple skills.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal