TikTok User Profile API

Security checks across malware telemetry and agentic risk

Overview

This is a narrow JustOneAPI wrapper for fetching TikTok profile details, with disclosed credential and privacy considerations but no hidden or destructive behavior found.

Install only if you trust JustOneAPI and are comfortable sending TikTok profile lookup requests and your JustOneAPI token to api.justoneapi.com. Treat returned profile information as personal data, avoid harassment or covert profiling uses, and keep the token out of chats, logs, screenshots, and shell history where possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Low

Confidence: 88% confidence
Finding: This is a JSON manifest file, so vague-trigger checks apply. The description and operation text explain what the API does, but they do not provide any explicit activation phrases, scope limits, or negative examples, which can make invocation conditions ambiguous in systems that derive activation from manifest text.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal