Douyin Account Diagnosis Master (抖音账号诊断宗师)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Douyin analytics skill that uses a Redfox API key to look up account data, with some scoping and disclosure caveats but no evidence of hidden, destructive, or unrelated behavior.

Install only if you are comfortable configuring a Redfox API key and having the Douyin account names or IDs you enter sent to Redfox for lookup, potentially consuming API credits. Prefer explicit commands and treat any non-Redfox fallback result as lower confidence.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The workflow instructs the agent to fall back to web search when the API returns code 3201, but later states that all account and work data must come only from the Redfox API and must not be sourced elsewhere. This policy contradiction can cause the agent to mix trusted and untrusted data sources, producing unsupported reports or misleading users about data provenance.

Vague Triggers

Medium
Confidence: 87%
Finding
The invocation guidance says users can simply mention the Douyin account they want to diagnose in natural language, with no fixed commands. This creates an over-broad trigger surface where ordinary conversation about a Douyin account could unintentionally invoke the skill, causing unexpected external API calls and disclosure or processing of third-party account data without clear user intent.

Vague Triggers

Medium
Confidence: 90%
Finding
The example phrase "Liangtian Douyin analysis" is generic enough to overlap with normal speech or discussion, especially in multilingual or loosely structured chat. A trigger this broad can cause accidental invocation, leading to unintended data retrieval, unnecessary API-key-backed requests, and user confusion about why the skill activated.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger phrases are broad enough that normal conversation about Douyin analysis could activate the skill unintentionally, which can cause external API use and data transmission without the user clearly intending to invoke this specific tool. In this skill’s context, unintended activation is more concerning because account names or IDs may be sent to a third-party service and may consume paid API credits.

Missing User Warnings

Medium
Confidence: 94%
Finding
The README describes querying Douyin accounts through the Redfox API but does not prominently warn users that supplied account names or IDs are transmitted to an external third-party service. This creates a transparency and privacy issue because users may disclose identifiers without informed consent, especially when the skill can be triggered from natural language.

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger phrases include broad natural-language patterns such as generic requests to analyze or view Douyin data, which can cause the skill to activate on loosely related user messages. In an agent environment, overly broad invocation can lead to unintended network requests to third-party APIs, unnecessary consumption of paid credits, and processing of account identifiers without clear user intent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill sends user-provided account names or IDs to a third-party API, but the workflow does not require any user notice, consent, or privacy disclosure before transmission. Even if the identifiers are public-facing social media handles, silently forwarding them to an external service can create privacy, compliance, and trust risks, especially if queries are logged or correlated.

VirusTotal

61/61 vendors flagged this skill as clean.
