Tiktok Shop Publish

Security checks across malware telemetry and agentic risk

Overview

This skill fits TikTok Shop automation, but it needs Review because it handles shop credentials, session cookies, order/customer data, and external Feishu sharing with weak safeguards and disclosure.

Review carefully before installing. Use mock mode first, avoid personal session cookies, provide least-privilege TikTok and Feishu credentials, inspect the local config file permissions, and enable fulfillment, refunds, inventory changes, pricing changes, video publishing, and Feishu sync only after confirming approval controls and exactly what customer data leaves your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Intent-Code Divergence

Medium
Confidence: 99%
Finding
The exported getCurrentAccount function shadows the imported symbol of the same name and then calls itself recursively, causing infinite recursion and a stack overflow whenever other modules use it. This creates a reliable denial-of-service condition for any workflow that depends on retrieving the current account, and in this account-management context it can break authentication/account selection logic across the skill.

Missing User Warnings

Medium
Confidence: 88%
Finding
The README promotes unattended automation for order handling, competitor-based price adjustment, and emailed reporting without documenting safeguards, approval gates, rate limits, rollback behavior, or failure modes. In an e-commerce context, this can lead to erroneous order actions, harmful repricing, policy violations, or unintended disclosure through outbound reports, making the omission a real operational security and safety concern.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill advertises automatic order confirmation, fulfillment, refund/return handling, and buyer notifications without clearly warning that these actions can trigger irreversible business operations and affect customer data. In an agent setting, users may invoke automation that ships orders, processes refunds, or sends customer communications without understanding the operational and privacy consequences.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documented ability to export customer data is presented as a normal feature without any privacy, legal, or data-minimization guidance. This increases the risk of unauthorized bulk extraction of personally identifiable information, mishandling of regulated data, or transfer of customer records beyond their intended purpose.

Missing User Warnings

Medium
Confidence: 86%
Finding
The command interactively collects API keys, secrets, and webhook tokens, then persists them to a local JSON config file with no visible warning, consent step, or evidence of permission hardening in this file. This is dangerous because users may unknowingly store long-lived credentials in plaintext on disk, where they can be exposed through weak file permissions, backups, malware, or accidental sharing.

Missing User Warnings

Medium
Confidence: 94%
Finding
The return-processing function performs an irreversible state change by calling updateOrderStatus with refunded/returned directly from user-supplied options, then immediately sends a notification. There is no confirmation step, authorization check, validation of allowed transitions, or dry-run/safety prompt, so an accidental or unauthorized invocation could trigger real refund/return actions and customer-facing messages.

Missing User Warnings

Medium
Confidence: 84%
Finding
When low-stock products are detected, the code sends product inventory details to an external Feishu integration without an explicit user-facing consent step or clear disclosure at the moment of transmission. Even if this is expected operational behavior, inventory levels and product identifiers can be commercially sensitive, so silent outbound sharing increases data exposure risk and may violate least-privilege or compliance expectations.

Missing User Warnings

Medium
Confidence: 86%
Finding
This code exports customer PII, including name and email, and order data to an external Feishu Bitable service without any minimization, consent check, or policy enforcement in the module. In environments with privacy or data residency requirements, this can cause unauthorized third-party disclosure of customer data and compliance violations.

Missing User Warnings

Medium
Confidence: 84%
Finding
The webhook messaging function sends arbitrary message content to a configured external URL, which may include sensitive business or customer information. Because the destination is fully configuration-driven and there are no allowlists, warnings, or content controls, misconfiguration or abuse can turn this into an unintended data exfiltration path.

Missing User Warnings

Medium
Confidence: 94%
Finding
This test modifies and persists configuration values during execution without warning the user, which can silently alter webhook endpoints and integration settings. In an automation/integration context, unexpected state changes can redirect notifications, break future runs, or cause the tool to operate against unintended environments.

Missing User Warnings

Medium
Confidence: 94%
Finding
This code again updates and saves persistent Feishu-related settings as part of a test, creating hidden side effects outside the test scope. Because these settings influence external integrations, leaving modified values behind can misroute data or disrupt legitimate production usage.

Missing User Warnings

Medium
Confidence: 96%
Finding
The configuration management test writes an extra field into the persisted config file solely to verify save/load behavior, but it does so without disclosure or cleanup. Persisted test artifacts can corrupt expected config shape, interfere with other code paths, and create confusing long-lived state for operators.

VirusTotal

63/63 vendors flagged this skill as clean.
