Security audit

Douyin Content Tracker Skill

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it needs user review because it handles live Douyin login cookies and installs/runs broad external scraping tooling with limited safety warnings.

Install only if you are comfortable giving this tooling access to an authenticated Douyin session. Use a dedicated account and virtual environment, keep .douyin_cookies.json private and out of source control, avoid browser-cookie fallback unless necessary, pin/review dependencies and MediaCrawler, and delete or rotate cookies after use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (15)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill clearly instructs shell execution, environment variable use, and file reads/writes, yet no permissions are declared. This creates a transparency and consent problem: a user or platform may underestimate what the skill can access or modify, especially because it handles cookies and local files.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The documentation tells users to copy a Douyin cookie file from WeChat into the skill directory without warning that this file contains live authentication material. Reusing session cookies outside their original context can expose account access, enable unauthorized reuse, and normalize unsafe credential handling.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The troubleshooting section recommends using browser cookies with yt-dlp but does not warn users that this pulls authenticated browser session data into a command-line workflow. That can expose private sessions, broaden the attack surface, and lead users to grant unnecessary access to sensitive browser credentials.

Ssd 3

High

Confidence: 98% confidence
Finding: These instructions explicitly move authentication cookies from WeChat/Chrome-related storage into the skill workspace for reuse. Storing reusable session material in a project directory increases the chance of accidental disclosure, misuse by other local processes, inclusion in backups, or exfiltration through later tooling.

Ssd 3

Medium

Confidence: 95% confidence
Finding: Telling users to retry with browser cookies encourages reuse of private browser session data to bypass access controls or scraping blocks. Even if intended for convenience, it conditions users to export sensitive session state into broader contexts where it may be captured, logged, or abused.

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 采集 playwright yt-dlp # 数据处理
Confidence: 92% confidence
Finding: playwright

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 采集 playwright yt-dlp # 数据处理 pandas
Confidence: 97% confidence
Finding: yt-dlp

Unpinned Dependencies

Low

Category: Supply Chain
Content: yt-dlp # 数据处理 pandas jieba # 音频提取（ffmpeg wrapper，用于获取 ffmpeg 可执行文件）
Confidence: 88% confidence
Finding: pandas

Unpinned Dependencies

Low

Category: Supply Chain
Content: # 数据处理 pandas jieba # 音频提取（ffmpeg wrapper，用于获取 ffmpeg 可执行文件） imageio-ffmpeg
Confidence: 86% confidence
Finding: jieba

Unpinned Dependencies

Low

Category: Supply Chain
Content: jieba # 音频提取（ffmpeg wrapper，用于获取 ffmpeg 可执行文件） imageio-ffmpeg # 语音识别 openai-whisper
Confidence: 90% confidence
Finding: imageio-ffmpeg

Unpinned Dependencies

Low

Category: Supply Chain
Content: imageio-ffmpeg # 语音识别 openai-whisper # 其他 python-dotenv
Confidence: 91% confidence
Finding: openai-whisper

Unpinned Dependencies

Low

Category: Supply Chain
Content: openai-whisper # 其他 python-dotenv
Confidence: 89% confidence
Finding: python-dotenv

Known Vulnerable Dependency: yt-dlp — 7 advisory(ies): CVE-2023-46121 (yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection); GHSA-3v33-3wmw-3785 (yt-dlp has dependency on potentially malicious third-party code in Douyu extract); CVE-2023-40581 ( yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`) +4 more

High

Category: Supply Chain
Confidence: 98% confidence
Finding: yt-dlp

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low

Category: Supply Chain
Confidence: 80% confidence
Finding: python-dotenv

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High

Category: YARA Match
Content: ~/DouyinContentTracker/ ├── data/ # 采集数据 │ ├── 周凯谈烘焙_20260321_083047.csv │ └── cleaned_周凯谈烘焙_20260321_083047.csv ├── audio/ # 音频文件 │ └── 周凯谈烘焙/ │ ├── 7559900409483300105.m4a (96 KB)
Confidence: 88% confidence
Finding: cookies-from-browser chrome; cookies-from-browser", "chrome; cookies-from-browser chrome

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal