Douyin Follower-Growth Account Recommendations

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its Douyin ranking purpose, but its credential handling and agent-control instructions need human review before installation.

Install only if you are comfortable using a RedfoxHub API key with this skill and sending ranking queries to redfox.hk. Avoid echoing the full API key; check only that it is set or use a masked display. Prefer providing REDFOX_API_KEY in the current session instead of relying on shell startup file parsing, and review or clear the local cache if ranking-query history matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Description-Behavior Mismatch
Medium | Confidence: 95%
Finding: The workflow introduces a subscription/push-notification feature that is not described in the skill metadata, expanding the skill from on-demand ranking lookup into ongoing user engagement. This is dangerous because it creates hidden behavior and stateful interactions users and reviewers would not expect, increasing the risk of unauthorized notifications, consent gaps, and policy bypass via an undocumented capability.

Description-Behavior Mismatch
Medium | Confidence: 94%
Finding: The documented handling of subscription commands adds operational behavior beyond simple data retrieval and analysis, despite the manifest only promising ranking queries and trend analysis. This mismatch is risky because downstream systems, users, and reviewers may grant permissions or trust based on a narrower scope than the skill actually exercises.

Context-Inappropriate Capability
Medium | Confidence: 94%
Finding: The script accesses users' shell startup files to extract an API key, which expands host-data access beyond what is necessary for a ranking lookup tool. Even though it targets a specific variable name, reading dotfiles can expose sensitive local configuration and normalizes secret harvesting behavior without explicit consent.

Description-Behavior Mismatch
Medium | Confidence: 79%
Finding: The tool silently writes fetched API results to a persistent cache under the user's home directory, which is broader persistence than a simple retrieval script implies. While the cached data is not obviously highly sensitive, unexpected local storage can leak query history or third-party data to other local users or later processes.

Vague Triggers
Medium | Confidence: 83%
Finding: The activation description is broad enough to match generic requests about rankings, trend analysis, growth data, or operational reference, which can cause the skill to trigger in contexts the user did not intend. Over-broad triggering is dangerous because it may unnecessarily invoke networked code, expose external data flows, or steer the assistant into this skill when a safer or more appropriate response was expected.

Vague Triggers
Medium | Confidence: 81%
Finding: Telling users to 'directly state the category you want' without precise invocation boundaries encourages open-ended matching and increases the chance of accidental activation. In a skill that performs API-backed lookups and supports subscription actions, ambiguous triggers can lead to unintended external requests or workflow steps.

Missing User Warnings
Medium | Confidence: 97%
Finding: The documentation instructs users to print the REDFOX_API_KEY to the terminal to verify configuration, which normalizes displaying the full secret in plaintext. This is risky because terminals may be recorded, shared, logged, or visible to others, leading to credential exposure and unauthorized API use.

Missing User Warnings
Medium | Confidence: 97%
Finding: The FAQ repeats the unsafe guidance to display the full API key value, increasing the likelihood of credential leakage through console history, screenshots, screen sharing, or logs. Repetition in troubleshooting sections makes the insecure behavior more likely to be copied during support scenarios.

Missing User Warnings
Medium | Confidence: 96%
Finding: The script reads credentials from shell startup files without warning or confirmation, causing it to inspect private user configuration unexpectedly. This is dangerous because users may not realize the skill is parsing local dotfiles to obtain secrets, and that behavior can be repurposed in similar tools to overcollect host secrets.

VirusTotal

VirusTotal findings are pending for this skill version.