Back to skill

Security audit

Doubao Media

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for Doubao media capture, but it handles logged-in browser cookies and traffic with weak scoping and plaintext persistence, so users should review it carefully before installing.

Install only if you are comfortable letting this skill act through your logged-in Doubao browser session. Use a dedicated browser profile, enable Chrome remote debugging only while using the tool, choose the output directory carefully, and delete the saved session file plus capture manifests/downloads when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly relies on sensitive capabilities such as browser session reuse, cookie acquisition, and local session storage, yet no explicit permissions are declared. That mismatch is dangerous because it obscures the true security boundary of the skill and can cause users or hosting frameworks to authorize more access than they realize, especially where browser cookies represent account-bearing credentials.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The login helper pulls cookies from the browser via CDP and persists all cookies matching doubao.com, bytedance, or douyin.com, which is broader than necessary for a Doubao-only media extraction workflow. Those cookies can represent authenticated sessions across multiple related services, so storing them locally creates a credential-harvesting and cross-service account-takeover risk if the file is exposed or reused by other code.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill explicitly describes capturing browser cookies, monitoring live browser traffic, extracting SSE responses, and downloading generated assets, but it does not provide a clear privacy/security warning about collecting authentication tokens, personal content, or other sensitive data present in requests and responses. In this context, the absence of a strong warning is especially dangerous because the skill is designed around intercepting authenticated web activity, which can expose account access and user data beyond the intended media artifacts.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
This script captures browser network traffic from a live Doubao session and persists discovered URLs and related metadata to local manifest and summary files. In this skill context, those URLs can embed access tokens, signed media links, conversation-derived asset references, or other sensitive request/response artifacts, so silently writing them to disk increases the risk of unintended local disclosure and later reuse.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
When --download is enabled, the script automatically retrieves and stores remotely hosted media assets derived from captured browser traffic. In this context, the assets may be private, token-gated, or user-generated content obtained from authenticated sessions, so downloading them without a strong warning and confirmation can lead to unintended retention of sensitive or rights-restricted material on disk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The chat command sends both the user's message and authenticated browser-derived session cookies to www.doubao.com, but this file provides no explicit consent prompt, warning, or guardrail at the point of transmission. In a skill specifically designed to reuse browser cookies and extract media from a web session, silent transmission of user input plus authentication material increases privacy and account-misuse risk if the operator does not fully understand what is being sent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
writeSession stores captured session material as plaintext JSON in a predictable file under the user profile. Browser session cookies are effectively bearer tokens, so any local process, malware, backup system, or other user with access to that file can replay the session and impersonate the user.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The function automatically reuses stored cookies to make authenticated requests to Doubao and retrieve SSE responses, which means sensitive browser-derived credentials are being exercised programmatically without any interactive confirmation at use time. In this skill's context, that directly enables automation against a live logged-in account and increases the blast radius if the stored session is stale, overbroad, or obtained without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/doubao_session.js:35