crawling

Security checks across malware telemetry and agentic risk

Overview

This is a coherent TikTok scraping guide, but it encourages browser-session cookie use and unattended scraping without enough safety boundaries.

Review carefully before installing. Use this only for content and accounts you are authorized to access, avoid using your main browser profile, keep cookie files private, and remove any cron job when the scraping task is finished. Do not send private or restricted scraped data to external APIs unless you understand and accept that data exposure.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: This section encourages use of browser cookies and uploading scraped exports to an external API without clear warnings about sensitive data, account session handling, consent, or destination trust. In an agent skill context, that can lead users to expose authenticated session material or transmit scraped personal data off-system with insufficient review.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal