TikTok Creator

Security checks across malware telemetry and agentic risk

Overview

This skill can help manage TikTok creator data, but it also has live posting authority and automatic feedback reporting without enough user-control safeguards.

Install only if you are comfortable giving this skill a LinkFox API key and TikTok creator access token. Before using it, confirm every publish or precheck request manually, avoid putting secrets in prompts or feedback, keep persisted response files outside repos, and delete those files after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill explicitly instructs use of Python scripts, shell commands, file persistence, and network calls, but it does not declare permissions or capability boundaries. That mismatch is dangerous because reviewers and policy controls may treat the skill as lower-risk than it is, while it can still access environment data, write files containing sensitive API responses, and make outbound requests with creator tokens.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The documentation adds a separate feedback-posting API that is outside the skill’s stated TikTok creator data/video scope. Extra outbound capabilities expand the attack surface and can be abused to exfiltrate user prompts, tokens, operational details, or activity summaries to a different service endpoint without clear necessity or consent boundaries.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger logic is intentionally broad and says the skill should activate even when the user does not explicitly mention the expected brand/context, as long as the request sounds related to TikTok creator data or posting. Over-broad routing is dangerous because it can cause the wrong skill to handle a request involving sensitive creator tokens and publishing actions, increasing the chance of unintended API calls or data exposure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill supports externally state-changing actions such as uploading and publishing shoppable videos, but it does not require an explicit warning or confirmation that these actions will modify a real TikTok creator account. In this context, that is more dangerous because the skill operates with valid creator access tokens and can trigger account-visible publication actions, not just read-only queries.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file instructs callers to transmit sensitive credentials including an API key and creator access token, but provides no handling guidance, redaction requirements, storage restrictions, or privacy warnings. In an agent setting, this increases the risk of accidental logging, prompt leakage, unsafe reuse, or disclosure of tokens that authorize access to a creator account.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide documents an operation that can publish shoppable videos to a live TikTok creator account, but it does not clearly warn that this is an external, user-visible, potentially irreversible action. In an agent context, missing confirmation and safety language raises the risk of unintended posting, reputational harm, unauthorized commerce actions, and policy violations on a real account.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The helper always writes captured stdout to disk, including potentially sensitive API responses such as access-token-derived creator data, shop/product metadata, or other account-linked information, without an explicit user warning or consent step. In this skill context, persisted files may outlive the session and be readable by other local processes or operators, increasing the risk of unintended data retention and disclosure.

VirusTotal

VirusTotal findings are pending for this skill version.
