Security audit

Grab Douyin - Video Downloader

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent Douyin downloader, but it tells agents to run on mere Douyin-link detection and uses a local TikHub token to contact a third-party API without clear per-use user control.

Install only if you are comfortable sending Douyin links or video IDs to TikHub using a TikHub API token stored in ~/.openclaw/config.json. Treat this as a Review item because the skill asks agents to run on mere link detection; users should require explicit confirmation before contacting TikHub or downloading files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger phrases are broad enough that ordinary user requests like 'save this video' or 'fetch a clip' could invoke the downloader without clear platform-specific intent. That can cause the agent to send user-provided links or IDs to an external API and potentially write files to disk when the user did not intend to use this specific skill.

Vague Triggers

Medium

Confidence: 94% confidence
Finding: Automatically invoking the skill on any detected Douyin URL, even without a download request, is risky because mere mention of a link can trigger network requests to a third-party service. In an agent setting, this increases the chance of unintended external data sharing and unrequested file operations, especially if users are discussing or quoting links rather than asking for action.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill documents download commands and default save paths but does not clearly warn at invocation time that running in download mode writes an MP4 to local storage. In agent environments, unannounced disk writes can surprise users, consume storage, and create privacy or policy issues if media is saved automatically.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script sends user-supplied Douyin identifiers and a bearer token to a third-party service (TikHub) without any explicit disclosure or consent flow. In an agent-skill context, this can cause unintended external sharing of user data and credentials, especially when the skill is auto-invoked whenever a Douyin link is merely detected.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal