Tiktok Android

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it deserves review because it can automatically post public TikTok comments from a logged-in Android device and may send screenshots to AI providers.

Install only if you are comfortable letting OpenClaw control an Android device and post publicly as the logged-in TikTok account. Use a dedicated account/device, start with very small limits, avoid cron until you have monitoring and an easy disable path, and use static comments instead of AI mode if you do not want screenshots sent to external providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
Command output
        """
        try:
            result = subprocess.run(
                ["adb", "-s", self.device_id, "shell", command],
                capture_output=True,
                text=True,
Confidence
94% confidence
Finding
result = subprocess.run( ["adb", "-s", self.device_id, "shell", command], capture_output=True, text=True, timeout=timeout

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
    response = input("Run interactive setup now? [Y/n]: ").strip().lower()
    if response in ['', 'y', 'yes']:
        print("\nStarting setup wizard...\n")
        os.system("python3 setup.py")
        if not os.path.exists("config.py"):
            print("\n❌ Setup was not completed. Exiting.")
            sys.exit(1)
Confidence
89% confidence
Finding
os.system("python3 setup.py")

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
This code reads a local screenshot, base64-encodes it, and transmits it to a third-party AI vision service. Screenshots from an Android automation workflow can contain sensitive account data, private messages, profile details, or other on-screen secrets, so exfiltrating them to external providers expands the skill's data exposure beyond local ADB automation.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill includes a capability to capture a full-device screenshot and export it locally, which exceeds the narrowly described TikTok comment automation purpose. This broadens the data-access surface and can expose unrelated app content, messages, credentials, or personal information visible on screen. In an agent skill context, undocumented screen exfiltration capability is materially more dangerous because it can be repurposed for surveillance.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README encourages AI-generated commenting based on screenshots/video context and scheduled automation, but it does not clearly warn that screenshots of TikTok content may be transmitted to third-party AI providers. In this skill context, that omission is more dangerous because the bot is designed to capture content from a real mobile app and automate repeated processing, increasing the chance of unintentional sharing of personal or copyrighted data with external services.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill is designed to post comments on a user's TikTok account and even supports scheduled automation, but the usage section does not clearly warn that invoking these commands can cause real account actions without per-comment confirmation. In this context, that is dangerous because users may trigger mass posting, account-policy violations, reputation damage, or unwanted spend on AI-generated comments before understanding the consequences.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script automatically posts comments to TikTok without an explicit confirmation step, dry-run mode, or warning that it will modify an external account. In the context of a social-media automation skill, this is risky because it can cause unintended account actions, spam-like behavior, policy violations, or reputational damage if run against the wrong account or content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The code captures and stores screenshots of TikTok search results and videos to local disk without warning the operator that user/app content will be retained. In this skill's context, screenshots may contain usernames, profile data, comments, or other sensitive content, creating privacy and data-handling risk if files are shared, synced, or left on disk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script automates posting TikTok comments at scale without any confirmation gate, dry-run mode, or explicit operator warning before live actions occur. In this skill context, that directly enables spammy or abusive engagement campaigns and makes accidental misuse much more likely.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The code captures and stores screenshots from TikTok sessions to local files without informing the operator about local retention or giving a way to disable capture. In this context, screenshots may contain usernames, profile content, comments, and other personal data, creating unnecessary privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The function sends full screenshot image data to Anthropic without any notice, consent, or visibility in this code path. That creates a privacy risk because users may not realize that on-device TikTok content and surrounding UI elements are being uploaded to an external service for processing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This code uploads screenshot data to OpenAI using an inline base64 data URL without any user-facing disclosure in the execution path. Because screenshots may include sensitive or unintended content, silent transmission to a third party creates a meaningful privacy and data-governance issue.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The OpenRouter path also transmits screenshot contents to an external provider without any disclosure in this code path. Since OpenRouter may route requests to multiple underlying model providers, the data-sharing surface can be broader and less transparent than a single direct provider integration.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The screenshot feature saves full device screen contents to a local file without any explicit user confirmation or warning. Because mobile screens may contain sensitive data unrelated to TikTok automation, silent export increases the risk of unintentional collection and local disclosure. In the context of an automation skill, this hidden capture capability is more concerning because it can be invoked programmatically and at scale.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Screenshots of the user's Android device are captured and sent to an external AI provider for comment generation without any explicit notice or consent flow in this file. Because device screenshots may contain sensitive personal data, this creates a privacy and data-exfiltration risk that is amplified by the automation context.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The tool automates posting comments to TikTok without an explicit confirmation step immediately before account-modifying actions. In this skill context, the purpose is mass engagement automation, so the lack of friction materially increases the chance of unwanted account actions, platform abuse, or accidental spam from the user's account.

VirusTotal

64/64 vendors flagged this skill as clean.
