TikTok Content Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed TikTok/Postiz automation skill with real posting power, but I found no hidden, deceptive, destructive, or unrelated behavior.

Install only if you intend to let this skill operate a connected Postiz/TikTok account. Use a test account or draft mode first, avoid passing API keys via CLI arguments, keep local account/output folders private, and do not enable cron or live posting until you have reviewed the generated content and target account configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 92%
Finding:
The README explicitly promotes automated content generation, posting, scheduling, and optimization against external TikTok/Postiz accounts, but it does not warn users that the skill can publish to real accounts or affect live content. In an agent-skill context, this omission is risky because a user may invoke the skill expecting analysis or draft generation while the automation performs irreversible external actions such as publishing or scheduling posts.

Missing User Warnings

Medium
Confidence: 86%
Finding:
The setup guide explicitly instructs users to enable `--post` for automated draft posting and `--auto-improve` for automated optimization, but it does not provide any warning, confirmation step, or explanation of the account-level consequences. In a social-media automation skill, these actions can directly affect live accounts, publishing behavior, reputation, and platform compliance, so the omission materially increases the chance of unintended or harmful account actions.

Missing User Warnings

Low
Confidence: 81%
Finding:
The documentation promotes commands that can publish content and modify account configuration through a third-party service, but the warning is brief and not placed directly alongside the risky examples. This can lead users to run auto-posting or auto-improve commands without fully understanding that account data will be transmitted externally and that live account state may be changed.

Missing User Warnings

Medium
Confidence: 91%
Finding:
When `autoImplement` is enabled, the engine executes optimization actions that may alter local files or scheduling/workflows without an explicit confirmation step at the point of change. In an agent skill context, silent mutation of user content or automation state is risky because downstream helper methods like `_rotateToTopHooks` or `_generateHookVariations` can perform writes based on analytics-derived inputs, increasing the chance of unintended or unsafe changes.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The API key is loaded from the environment and then injected into a shell command line for `execSync`. Although `_shellEscape` reduces command-injection risk, passing secrets on the command line can expose them to process listings, audit logs, crash reports, or debugging tools, which is an unnecessary credential-handling weakness in a skill that invokes external CLI processes.

VirusTotal

63/63 vendors flagged this skill as clean.
