subprocess module call
Medium
- Category
- Dangerous Code Execution
- Content
def run(cmd: str): print(f"$ {cmd}") subprocess.run(cmd, shell=True, check=True) def main():- Confidence
- 97% confidence
- Finding
- subprocess.run(cmd, shell=True, check=True)
Douyin Comment Auto Reply
Security checks across malware telemetry and agentic risk
Overview
This skill is mostly coherent for Douyin comment management, but its live browser automation can post public replies from a user’s account without a strong confirmation gate.
Install only if you are comfortable with a tool that can publish replies from your Douyin account. Use draft and dry-run modes first, review the generated JSON, keep `--max-replies` low, avoid `--force-review` unless you inspected every reply, and do not pass untrusted values into `--browser-cmd`, URL, or selector arguments. For safer operation, use a vetted local browser automation command instead of runtime `npx` and add a manual confirmation step before live sending.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
- Behavioral ASTexec() Call, eval() Call, Dynamic Import
- MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)
Context-Inappropriate Capability
Medium
- Confidence
- 92% confidence
- Finding
- The skill goes beyond analysis and drafting into live browser automation that can submit public replies on a Douyin account via an external executor. Any skill that can take account actions is materially riskier because selector mistakes, prompt misuse, or maliciously crafted draft files could cause unintended posting, reputational damage, or policy-violating bulk behavior.
Intent-Code Divergence
Low
- Confidence
- 74% confidence
- Finding
- The skill claims it is not for mass spam, but it also provides batch drafting and an automated send path that can operationally scale replies. That inconsistency matters because users may treat the stated guardrail as sufficient while the actual workflow still enables high-volume automated posting that can drift into spam or platform-abuse patterns.
Missing User Warnings
Medium
- Confidence
- 90% confidence
- Finding
- The instructions describe a real-send workflow for public account actions without a prominent warning that running the command will post live replies from the user's Douyin account. Missing an explicit live-action warning and confirmation step makes accidental execution more likely, especially since the dry-run and real-send commands are nearly identical.
Missing User Warnings
Medium
- Confidence
- 89% confidence
- Finding
- This code performs live browser fills and clicks that post public replies immediately, with no per-reply confirmation, preview gate, or explicit safety warning before submission. In this skill context, the tool is specifically designed to semi-automate public comment responses on a social platform, so mistakes in drafted content, selector mismatches, or poisoned input can cause unintended public posts, reputational harm, or policy violations at scale.
VirusTotal
55/55 vendors flagged this skill as clean.