Security audit

TikTok Video Auth

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed TikTok creator authorization skill that uses LinkFox APIs and tokens for its stated account-management purpose.

Install only if you trust LinkFox with TikTok creator authorization data and are comfortable providing LINKFOXAGENT_API_KEY. Treat any authorization URLs, openIds, and token-related outputs as sensitive, avoid saving response files unnecessarily, and confirm the intended TikTok account before token refresh or downstream video actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill describes concrete API calls, token handling, callback flows, and even Feedback API usage, yet no explicit permissions are declared. This creates a capability/permission mismatch that can hide the true trust boundary from reviewers and increase the chance of unintended network, file, or shell-enabled execution in the hosting agent environment.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are very broad, including many natural-language variants and a catch-all instruction that any request involving creator/video authorization or token management should invoke the skill. Over-broad triggering can cause the agent to enter a credential-management flow unexpectedly, increasing the chance of unnecessary token retrieval, account enumeration, or misuse in adjacent TikTok-related tasks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documented token-query and token-refresh responses include full accessToken and refreshToken values, which are bearer credentials that enable account access if exposed in logs, UI output, chat transcripts, or downstream tooling. Although the notes later say not to display full tokens to users, the API contract and examples still normalize returning raw secrets, increasing the chance of accidental disclosure by agents and integrators.

Missing User Warnings

Medium
Confidence
74% confidence
Finding
The script transmits an API credential to an external service without any explicit user-facing disclosure at runtime beyond the source code itself. In a skill context, this can surprise operators or downstream users who invoke it indirectly, especially because it lists authorized accounts and may expose account metadata in the response.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The helper always writes captured stdout to disk, which may include OAuth tokens, account identifiers, or other sensitive API response data relevant to this TikTok authorization skill. Because persistence is automatic and the preview warning appears after writing, operators may unknowingly leave secrets in local files, increasing exposure through disk access, backups, or later reuse.
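The two findings above (raw accessToken/refreshToken values in documented responses, and a helper that unconditionally writes captured output to disk) share one fix: route every response through a redaction step before it can reach stdout, a chat transcript, or a file, and make persistence opt-in. The block below is an added illustration written for this audit page, not the skill's or LinkFox's own code. The sample response is constructed; `accessToken`, `refreshToken` and `openId` are the field names the audit mentions, every other key and the function names are assumptions.

```python
"""Redact bearer tokens from a token-query/refresh response before output or
persistence. Added example for this audit page; not the skill's own code."""
import json
import os
from typing import Any, Optional, Set

# Constructed sample shaped like the token-query response the audit describes.
# Only openId/accessToken/refreshToken are named on the page; the rest is assumed.
SAMPLE_TOKEN_RESPONSE = {
    "code": 0,
    "data": {
        "openId": "open-id-0001",
        "accessToken": "act.1234567890abcdef",
        "refreshToken": "rft.fedcba0987654321",
        "expiresIn": 86400,
    },
}

# Key names (compared case-insensitively) whose values are bearer credentials.
SECRET_KEYS = {"accesstoken", "refreshtoken", "apikey", "api_key", "authorization"}


def mask(value: str, keep: int = 4) -> str:
    """Keep a short prefix so an operator can correlate; never the whole secret."""
    if len(value) <= keep:
        return "***"
    return f"{value[:keep]}***({len(value)} chars)"


def redact(obj: Any) -> Any:
    """Return a deep copy of obj with every secret-keyed string masked.
    openId is deliberately left intact so the operator can confirm which
    account a refresh or video action will touch."""
    if isinstance(obj, dict):
        out = {}
        for k, v in obj.items():
            if isinstance(v, str) and k.lower() in SECRET_KEYS:
                out[k] = mask(v)
            else:
                out[k] = redact(v)
        return out
    if isinstance(obj, list):
        return [redact(x) for x in obj]
    return obj


def secret_values(obj: Any) -> Set[str]:
    """Collect the raw credential strings so rendered output can be leak-checked."""
    found: Set[str] = set()
    if isinstance(obj, dict):
        for k, v in obj.items():
            if isinstance(v, str) and k.lower() in SECRET_KEYS:
                found.add(v)
            else:
                found |= secret_values(v)
    elif isinstance(obj, list):
        for x in obj:
            found |= secret_values(x)
    return found


def leaks_secret(text: str, response: Any) -> bool:
    """True if any raw credential from response appears verbatim in text."""
    return any(s in text for s in secret_values(response))


def render_for_output(response: Any) -> str:
    """The single path by which a response may reach stdout, chat, or logs."""
    rendered = json.dumps(redact(response), indent=2)
    # Defence in depth: refuse to emit anything that still carries a raw token.
    if leaks_secret(rendered, response):
        raise RuntimeError("redaction failed; refusing to output raw credentials")
    return rendered


def persist_response(response: Any, path: str, persist: bool = False) -> Optional[str]:
    """Hardened form of the audited helper: write nothing unless the operator
    opted in, write only the redacted form, and create the file mode 0600."""
    if not persist:
        return None
    rendered = render_for_output(response)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(rendered)
    return path


if __name__ == "__main__":
    # Default behaviour: show the redacted response, persist nothing.
    print(render_for_output(SAMPLE_TOKEN_RESPONSE))
    print("written:", persist_response(SAMPLE_TOKEN_RESPONSE, "token-response.json"))
```

The raw token still has to live somewhere for the next API call; the point is that it stays in process memory (or a secrets store) and that nothing the agent prints, logs, or saves for later carries it. Dropping the default-write behaviour and keying the leak check on the actual response values rather than on a regex also covers token formats the skill's documentation does not show.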

Credential Access

High
Category
Privilege Escalation
Content
| "Bind a TikTok video account for uploading videos" | New video account authorization |
| "Show the authorized TikTok video accounts" / "Show my authorized TikTok video accounts" | List authorized accounts |
| "The TikTok video upload token has expired" / "My TikTok video token expired" | Refresh token |
| "Get the TikTok video account's access token" / "Get TikTok video account access token" | Query account token |

**Not applicable** — outside this skill's scope of business:
Confidence
94% confidence
Finding
access token

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.