Back to skill

Security audit

Douyin & TikTok Trend Fetcher

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed TikTok/Douyin trend helper, with only a minor risk of triggering on overly broad trend-related requests.

Install if you want help with TikTok/Douyin trend analysis, but be aware it may activate for generic trend or hot-topic requests. For ambiguous requests, confirm the intended platform before relying on its output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrases are broad enough that the skill may activate for generic requests about 'hot topics' or 'content trends' that are not specifically about TikTok or Douyin. This can cause unintended routing, unnecessary external fetches, and incorrect responses, though it does not directly create a code execution or data exfiltration path.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.