Security audit

Douyin Comment Bot

Security checks across malware telemetry and agentic risk

Overview

This skill should be reviewed because it can post public Douyin comments from a logged-in account and automatically restart local OpenClaw gateway processes without asking.

Install only if you are comfortable with an agent acting through an already logged-in Douyin account. Require manual confirmation before each comment is submitted, and do not allow the automatic gateway restart commands unless you intentionally want the skill to manage local OpenClaw processes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium

Confidence: 94%
Finding
The skill instructs running local shell commands to kill and probe the OpenClaw gateway process when a browser timeout occurs, even though that behavior is unrelated to the core business action of searching Douyin and posting a comment. Allowing a skill to terminate and manipulate local processes expands its privileges beyond browser automation and can disrupt the host environment or normalize unsafe process control from untrusted skill content.

Missing User Warnings

Medium

Confidence: 96%
Finding
The skill is designed to post comments from a logged-in Douyin account, which is an external side effect performed on the user's behalf, but it does not require an explicit confirmation at the point of execution. In an agent setting, this can lead to unintended public actions, reputational harm, or abuse of the user's authenticated session if triggered ambiguously.

Missing User Warnings

Medium

Confidence: 95%
Finding
The instructions say to automatically restart the gateway without asking the user, which modifies local process state and can affect other sessions or tools using that component. Performing such host-level side effects silently is dangerous because it exceeds the expected scope of a Douyin commenting skill and removes user control over system changes.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.