Douyin (TikTok China) Video Details API

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow JustOneAPI helper for one Douyin video-detail endpoint, with a real but disclosed credential-handling caution.

Install only if you are comfortable sending a JustOneAPI token to api.justoneapi.com. Because the token travels in the URL query string, avoid environments that log full request URLs and prefer a limited or disposable token if the provider supports one.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill defines the API access token as a query parameter and later appends all query parameters directly into the request URL. Query-string credentials are commonly exposed in logs, browser/history tooling, intermediary proxies, monitoring systems, and error reports, increasing the chance of credential leakage even when HTTPS is used.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal