Deepsop Douyin 协作台

Security checks across malware telemetry and agentic risk

Overview

This Douyin upload skill is purpose-aligned, but it automatically installs and runs unpinned third-party automation code and can fall back to unofficial mirrors without clear user approval.

Review this skill before installing. Only use it if you are comfortable with OpenClaw cloning and running the external social-auto-upload project, installing dependencies and Chromium, storing Douyin login state locally, and potentially publishing to a live Douyin account. Avoid automatic mirror fallback unless you trust the mirror source, and confirm the exact account, files, title, tags, and schedule before any upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Context-Inappropriate Capability

Medium
94% confidence
Finding
The document instructs the agent to automatically clone and execute code from several unofficial mirror domains (Gitee, gh-proxy, gitmirror) if GitHub access fails. This expands the trust boundary from the original upstream repository to third-party mirrors without integrity verification, creating a clear supply-chain risk where a tampered mirror could deliver malicious code that is then executed locally via uv.

Context-Inappropriate Capability

Medium
91% confidence
Finding
The skill directs the agent to automatically prepare a full local execution environment, including dependency installation and later browser binary installation. Automatically setting up and running a third-party automation stack increases attack surface and can lead to unreviewed code execution on the user's machine, especially in a skill whose core purpose is social-media upload automation.

Missing User Warnings

Medium
91% confidence
Finding
The README states that OpenClaw will automatically clone a repository and prepare dependencies on first use, but it does not prominently warn users that installing and executing third-party code will modify the local system. This can mislead users into triggering code fetch/execution with insufficient informed consent, increasing supply-chain and unintended system-change risk.

Missing User Warnings

Medium
88% confidence
Finding
The upload workflow inherently sends data to external Douyin services, but the README examples do not clearly warn users that invoking upload will perform outbound network requests and transmit the selected video and metadata. In a security-sensitive agent context, omission of network-transmission disclosure can cause unintended data exfiltration or privacy-impacting actions.

Missing User Warnings

Medium
92% confidence
Finding
The skill description says OpenClaw will automatically clone the external social-auto-upload project and prepare dependencies, but it does not present this as a clear warning about network access and local system modification. Users may invoke the skill expecting a simple upload workflow without realizing it will fetch and install third-party code on first use.

Missing User Warnings

Medium
97% confidence
Finding
These instructions require the agent to automatically clone external code, run dependency installation, and retry through multiple mirror domains without an explicit user-facing consent step. This is dangerous because it authorizes local environment changes and execution of unpinned third-party code from alternate sources, which increases supply-chain and transparency risks.

Missing User Warnings

Medium
95% confidence
Finding
The instructions tell the agent to automatically clone from third-party mirrors and proceed without warning the user about source authenticity or trust implications. In context, the cloned repository is then used to install dependencies and run automation code, so lack of provenance checks materially increases the chance of silent supply-chain compromise.

Missing User Warnings

Medium
91% confidence
Finding
The script is designed to automatically perform Douyin login, account checking, and content uploads in sequence with no interactive confirmation, dry-run mode, or warning before external actions occur. In an agent skill context, this increases the risk of unintended account actions, accidental posting, or misuse of authenticated sessions if the example is executed or adapted directly.

Missing User Warnings

Medium
85% confidence
Finding
The script includes ready-to-run headless login, account checking, and content upload commands that perform authenticated actions on a Douyin account without any built-in warning, interactive confirmation, or safeguard. In the context of an automation skill for social-media uploads, this increases the risk of accidental account actions, misuse on the wrong account, or silent posting when a user executes the example as-is.

VirusTotal

VirusTotal findings are pending for this skill version.
