Douyin Download

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it downloads Douyin/TikTok videos locally, but it uses exported site cookies and a local proxy that users must trust.

Install only if you are comfortable exporting Douyin/TikTok cookies for this task. Keep the cookie file private, remove it when no longer needed, and confirm that 127.0.0.1:7897 is your own trusted local proxy before running, because authenticated traffic and media URLs may pass through it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and relies on network access and local environment artifacts such as cookies and proxy settings, but does not declare permissions or capability boundaries. Undeclared capabilities make it harder for users or the platform to understand what the skill can access, increasing the risk of unexpected data exposure or misuse.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger phrases include broad terms like 'save TikTok' and 'download Douyin video', which may activate on generic requests beyond the narrow intended workflow. Overbroad activation can cause the skill to run in inappropriate contexts, increasing the chance of unnecessary network actions or prompting users to provide sensitive browser cookies.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script loads exported Douyin/TikTok browser cookies and injects them into a Playwright browser context, then uses that authenticated context to access a user-supplied URL. This can cause the user's authenticated session data to be used over the network without explicit notice or consent at runtime, exposing account-linked access and making credential misuse easier if the URL or environment is untrusted.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script forcibly sets global HTTP_PROXY and HTTPS_PROXY environment variables and routes both browser traffic and the direct video download through a local HTTP proxy, with no disclosure or validation. Because cookies and downloaded content may traverse that proxy, a malicious, misconfigured, or monitored proxy could observe sensitive browsing metadata, authenticated requests, or media URLs.

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
|------|------|
| Chrome extension | Install [Get cookies.txt](https://chrome.google.com/webstore) (optional; install it only if downloading fails) |
| Export cookies | Visit douyin.com → click the extension → Export → save to `sessions/cookies/cookies.txt` |
| Proxy | Clash Verge or any HTTP proxy, running on `127.0.0.1:7897` |
| Python packages | `playwright`, `requests` |

> Note: the cookies only need to be exported once, unless they expire. The file is stored on your own computer and is not uploaded.
Confidence
87% confidence
Finding
cookies.txt](https://chrome

VirusTotal

67/67 vendors flagged this skill as clean.
