Tiktok Auto Reply

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about automating TikTok replies, but it can run unattended with TikTok credentials and its dry-run safety claim is not actually enforced in the code.

Review before installing. Use a test or least-privilege TikTok app, avoid broad comment.create access unless you truly need automated public replies, keep watch mode visible and stoppable, and do not rely on dryRun as a safety control unless the code is fixed to skip all reply calls when dryRun is true.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 98% confidence
Finding: The code prints that `dryRun=true` will prevent actual replies, but `dryRun` is never checked in `check()`, `watch()`, or `replyComment()`. In a skill designed to automate TikTok interactions, this mismatch can cause unintended live actions against user expectations, leading to unauthorized posting, account restrictions, or policy violations.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill documents collection of TikTok comments and use of API credentials, but it does not explain how comment data is handled, stored, transmitted, or protected. That omission can lead users to deploy the skill without safeguards for personal data or secrets, increasing the risk of credential leakage, unauthorized data retention, or noncompliant handling of user-generated content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal