TikTok/Douyin Creation Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it includes an unsafe background transcription command and broad social-data scraping capabilities that need review before installation.

Install only if you are comfortable giving the agent a TikHub API key, making paid TikHub calls, downloading platform media, and collecting social-platform comments or user data. Avoid the CPU Whisper/background path until the shell=True nohup command is fixed, use a limited API key, monitor balance, and only collect data you are authorized to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
log_file = f"/tmp/whisper_{os.path.basename(audio_path)}.log"
nohup_cmd = f"nohup {' '.join(cmd)} > {log_file} 2>&1 &"
print(f"🚀 Whisper 后台转写启动,日志: {log_file}")
subprocess.run(nohup_cmd, shell=True)
print(f"📝 文字稿将保存到: {output_path}")
print(f"⏱️  medium 模型 CPU 转写 1 分钟音频约需 1-2 分钟,请耐心等待")
return output_path
Confidence
99% confidence
Finding
subprocess.run(nohup_cmd, shell=True)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation text is broad enough to trigger on common requests involving videos, comments, user info, downloads, or TikHub API usage, which can cause the skill to activate outside narrowly intended contexts. Over-broad routing increases the chance that scraping, downloading, or transcription actions occur when the user did not specifically request those sensitive operations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill prominently supports scraping comments, retrieving user/follower-related data, and bulk downloading media, but provides no user-facing safeguards about privacy, consent, terms-of-service, or lawful use. In this context, omission of such warnings materially increases the risk of abusive collection of personal data and large-scale content extraction.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
98% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
95% confidence
Finding
openai-whisper

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
95% confidence
Finding
mlx-whisper

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests
openai-whisper
mlx-whisper
ffmpeg
Confidence
84% confidence
Finding
ffmpeg

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.
