Security audit

TikTok Video Products

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its TikTok product-query purpose, but it includes an overbroad helper that can run arbitrary local scripts and inherit environment secrets.

Review before installing. Use this only in an environment where running its scripts and calling LinkFox/TikTok APIs is acceptable. Avoid pointing response_io.py at arbitrary scripts, keep sensitive environment variables out of the agent session when possible, and be aware that large API responses may be written to local files and that feedback may be sent to LinkFox.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    timed_out = False
    try:
        proc = subprocess.run(
            [sys.executable, str(main_script), args.params],
            capture_output=True,
            text=True,
Confidence
97% confidence
Finding
proc = subprocess.run( [sys.executable, str(main_script), args.params], capture_output=True, text=True, encoding="utf-8", errors="re

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises executable workflows that use shell, local file access, environment access, and network calls, but it does not declare any permissions or capability boundaries. This creates a transparency and policy-enforcement gap: a host agent may permit broader execution than the user expects, increasing the chance of unintended data access, secret exposure, or outbound requests to external services.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The header and usage show this helper is intentionally generic and can run any script path provided by the agent, making it a reusable execution trampoline rather than a constrained TikTok product-list helper. In the context of an agent skill, this unjustified generality creates a privilege-expansion path where the skill can be repurposed to run unrelated local code and access local resources.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This block actively spawns a subprocess to execute caller-selected code, which gives the skill arbitrary local execution capability. For a skill whose description is limited to querying TikTok shop/showcase products, that capability is unnecessary and materially increases risk because any compromise or misuse of agent inputs can be turned into code execution.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger description contains many broad natural-language phrases for product lookup, without clear exclusion conditions or stronger routing constraints. In an agent system, this can cause the skill to activate on loosely related TikTok/product conversations and perform networked actions or file/script execution unexpectedly, which increases the attack surface for prompt-trigger abuse and user-confusion-driven misuse.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
    # Force the child process to emit UTF-8 regardless of the host console
    # encoding (Windows defaults to cp936 / gbk and would otherwise corrupt
    # non-ASCII bytes when we read them back).
    child_env = os.environ.copy()
    child_env["PYTHONIOENCODING"] = "utf-8"

    timed_out = False
Confidence
95% confidence
Finding
os.environ.copy()

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.