jike-data-service

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Douyin marketing-data tool, but it needs review because its API-key handling and remote keyword changes are not tightly controlled.

Install only if you trust the ry-api.dso100.com service and are authorized to use its API key. Prefer an environment variable for the key, keep the base URL pointed at the intended HTTPS service, avoid sharing check-command output, and confirm any keyword add/delete request before allowing the agent to run it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill invokes a local Python script, reads configuration from files, uses environment-based secrets, and performs network access, yet no explicit permission model is declared. This creates a trust gap: hosts or reviewers may underestimate the skill's ability to access secrets and external services, increasing the chance of unintended data exposure or over-privileged execution.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill advertises read-oriented analytics and search capabilities, but the code also supports mutating operations that add and delete keywords on the backend. This creates an integrity risk because a user or calling agent may invoke destructive changes that are outside the expected scope of the skill, potentially altering shared platform data or tracked keyword sets.

VirusTotal

66/66 vendors flagged this skill as clean.
