ClawHub

Douyin Creator Marketplace (Xingtu) API

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed JustOneAPI wrapper for read-only Douyin/Xingtu creator marketplace data, with a token-handling caveat but no evidence of hidden or destructive behavior.

Install only if you trust JustOneAPI with your Douyin/Xingtu API access. Keep JUST_ONE_API_TOKEN in an environment variable, avoid sharing full request URLs or command logs, and rotate the token if you suspect it appeared in logs or captured process output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The manifest description materially understates the skill's capabilities by claiming coverage is limited to creator Profile, Link Structure, and Visibility Status, while the operation list exposes broad search, analytics, pricing, audience, conversion, video, and item-report endpoints. This mismatch can mislead users or downstream policy systems into granting access under a narrower trust assumption than the skill actually warrants.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill metadata says it is limited to creator Profile, Link Structure, and Visibility Status, but the operations file exposes a much broader set of analytics, search, audience, conversion, and item-report endpoints. This creates a scope-mismatch vulnerability because users or downstream agents may grant trust or permissions based on the narrow description while the skill can access substantially more data than advertised.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill sends the authentication token as a query-string parameter, which can be exposed through logs, browser history, proxy/CDN access logs, monitoring systems, crash reports, and referrer leakage patterns. Even though the base URL uses HTTPS, query parameters are routinely recorded by infrastructure, making credential disclosure more likely than if the token were sent in an Authorization header.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The API requires the authentication token to be sent in the query string, which causes credentials to be embedded in URLs. Query parameters are commonly captured in logs, browser history, reverse proxies, observability tooling, referrer headers, and shared traces, making accidental credential disclosure significantly more likely even when HTTPS is used.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Documenting authentication tokens as query parameters is dangerous because URLs are commonly logged by clients, proxies, gateways, browser history, analytics systems, and server access logs. In a skill context, this raises the chance of credential leakage and replay, especially across many GET endpoints that repeatedly require the token in the URL.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal