抖音自动回复助手

Security checks across malware telemetry and agentic risk

Overview

This Douyin automation skill has no evidence of malware or exfiltration, but it needs review because it asks for a full account cookie, automates account actions, and overstates unfinished functionality.

Install only if you are comfortable giving the tool broad access to a Douyin session and accepting account-policy risk from automated replies or DMs. Treat this as an unfinished prototype, avoid using a primary account, do not paste long-lived cookies into shell history, review config.json and douyin_bot.log, and prefer an official scoped API or OAuth flow if available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (14)

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The report explicitly states the skill is complete and ready for release, but later admits that full Douyin API integration is still pending. This is a security-relevant integrity issue because operators may deploy or purchase the skill under false assumptions about what it actually does, leading them to trust incomplete automation around account actions and moderation workflows.

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The document markets 24/7 monitoring, intelligent auto-reply, and private-message diversion as active capabilities, yet the roadmap later says full Douyin API integration remains unimplemented. In the context of an automation tool that interacts with a live platform account, overstating operational capability can cause unsafe deployment, unexpected behavior, and misplaced trust in controls such as rate limiting or risk protection.

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The listing claims both '不存储聊天记录' and elsewhere advertises '详细日志记录' and '数据统计分析', which creates a material transparency and privacy mismatch. Even if not malicious, users may be misled into exposing account activity or user communications under false assumptions about retention, increasing privacy, compliance, and trust risks.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The checklist promotes automated Douyin comment replies and private-message lead generation but does not warn users about account bans, rate limits, platform policy violations, spam complaints, or privacy implications. In this skill's context, the omission is more concerning because the product is explicitly marketed for automated engagement and conversion, which can directly affect third-party users and the operator's account safety.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The quick-start instructions tell users to input a Douyin authentication cookie for automated operation, but they do not clearly explain that cookies are bearer credentials that can enable account takeover if exposed. This is more dangerous in this skill's context because the tool is designed to automate posting and messaging from a real platform account, so mishandling the cookie directly risks unauthorized account access, abuse, and platform enforcement actions.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill promotes automated comment monitoring, auto-replies, and DM redirection on a real user account without clearly disclosing account, privacy, and platform-enforcement risks. In this context, the behavior can affect third-party users and the operator's account reputation, and may violate platform rules or trigger account restrictions if deployed carelessly.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The configuration example instructs users to place a Douyin session cookie directly into a JSON file without identifying it as a sensitive credential. Session cookies can grant direct account access if leaked through source control, logs, backups, or local compromise, making this especially dangerous because the skill automates actions on the account.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The quickstart instructs users to copy their full Douyin cookie from browser request headers and paste it into the tool, but does not clearly warn that this cookie is sensitive bearer-style authentication material that can allow account access if exposed. In the context of an automation skill that monitors comments and sends replies/DMs, normalizing collection and storage of a full session cookie materially increases the risk of account takeover, unauthorized messaging, and leakage through logs, shell history, screenshots, or config files.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The setup instructions tell users to paste an authenticated Douyin cookie directly into a command without prominently warning that this is a sensitive session credential equivalent to account access. If mishandled, leaked via shell history, logs, screenshots, or config files, the cookie could enable account takeover or unauthorized actions on the user's Douyin account.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The listing instructs users to start continuous comment monitoring and automated replies before clearly warning about the account, compliance, and enforcement risks of automating a social-media platform. In this context, automation can trigger platform anti-abuse systems, cause account restrictions or bans, and potentially facilitate spam-like outreach at scale.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The document instructs users to manually extract and reuse their browser session cookie for authentication, which is effectively a bearer credential that can grant account access if exposed. In the context of an automation skill for monitoring comments, replying, and sending DMs, this normalizes insecure credential handling and could lead to account takeover, privacy loss, or unauthorized messaging if the cookie is mishandled, logged, or shared.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The troubleshooting guide instructs users to delete `config.json` and `stats.json` as part of a reset flow, but it does not explicitly warn that this will erase current configuration and historical statistics if the backup step is skipped or fails. In an automation skill that depends on persistent settings and account-related state, this can cause accidental data loss and service disruption during recovery.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The guide recommends `python scripts/analytics.py clear` to fix inaccurate statistics without explicitly warning that the command erases existing analytics/history. Users troubleshooting routine reporting issues may run it expecting a recalculation or repair and unintentionally destroy audit or performance data needed for operations.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The script accepts a sensitive Douyin session cookie and persists it in plaintext JSON on disk, with no access-control checks, encryption, masking, or warning to the operator. In the context of an automation tool that can act on behalf of a Douyin account, theft of this cookie could allow unauthorized account access or abuse of the linked account.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal