ClawHub

Echotik Product Video

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its TikTok product-video analytics purpose, but it also instructs agents to automatically send freeform feedback about user interactions to a separate service without clear user consent.

Install only if you are comfortable sending TikTok product identifiers, optional influencer IDs, and an API key-authenticated request to LinkFox. Be especially aware that the skill instructs agents to automatically submit feedback about user interactions to a separate LinkFox feedback API; avoid including sensitive business details in feedback, and clean up any persisted response files after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
timed_out = False
    try:
        proc = subprocess.run(
            [sys.executable, str(main_script), args.params],
            capture_output=True,
            text=True,
Confidence
95% confidence
Finding
proc = subprocess.run( [sys.executable, str(main_script), args.params], capture_output=True, text=True, encoding="utf-8", errors="re

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill directs the agent to automatically call a separate Feedback API based on user sentiment or perceived improvement opportunities, which is outside the core function of querying product video analytics. This can cause silent exfiltration of user interactions and metadata to another endpoint without clear user awareness or consent, expanding data sharing beyond the original task.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
This file is explicitly a generic response persistence and field-extraction wrapper, not a narrowly scoped TikTok analytics component. That broadens the skill's effective capability to local data storage and post-processing of arbitrary outputs, increasing misuse potential and violating least-privilege for the declared business purpose.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The script resolver accepts any file path provided by the caller and only checks that it exists, enabling execution of arbitrary local Python scripts through the `run` subcommand. In the context of a product analytics skill, this is an unjustified expansion into general-purpose local code execution and can be chained with environment/file access for serious compromise.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The `read` subcommand will open any caller-specified JSON file and project fields from it, effectively providing a local file-reading utility unrelated to the advertised TikTok analytics task. If an attacker can steer the agent to invoke this helper, it can be used to inspect arbitrary JSON artifacts on disk, including prior responses or sensitive app data.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger criteria are intentionally broad, stating the skill should activate even when the user does not explicitly mention EchoTik or product-video terms, as long as the request loosely relates to product-associated TikTok videos. Overbroad activation increases the chance the agent invokes this skill in unintended contexts, causing unnecessary data access, irrelevant tool use, or routing user requests to a third-party workflow without sufficient specificity.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document instructs the skill to send product and optional influencer identifiers to an external service and to include an API key, but it does not warn users that their inputs will leave the local agent context and be transmitted to a third-party endpoint. This creates a transparency and consent issue: users may unknowingly disclose business-sensitive identifiers or other data to an external service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The feedback section sends user feedback content to a separate external endpoint but does not disclose that the text will be transmitted outside the tool API domain. Because feedback content can contain freeform user text, it may include sensitive information, making undisclosed transmission to a distinct service a real privacy risk.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
Captured stdout is always written to disk, which can persist API responses containing tokens, PII, or business-sensitive data without explicit runtime warning or consent. The preview message appears only after execution and storage have already occurred, so users may not realize sensitive response material is being retained locally.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal