抖音热榜 / Douyin Hot

Security checks across malware telemetry and agentic risk

Overview

The Douyin trend fetcher works as advertised, but bundled helper scripts add under-documented local database storage and HTML report generation that users should review before installing.

Review before installing. Use the documented Node fetcher if you only need temporary output, and be aware that the Python helpers can create a local SQLite database and generated HTML report. Avoid opening or sharing generated reports until output escaping and link validation are added, and delete data/douyin.db when you no longer want retained trend history.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 81% confidence
Finding: The skill documentation declares a simple data-fetching purpose, but the detected capabilities include shell execution, network access, and file writing without any explicit permission declaration. This creates a trust and transparency gap: users or platforms may approve the skill expecting read-only retrieval behavior while it can also invoke external commands and persist data locally.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: A description-behavior mismatch is a real security issue because it hides materially different behavior from users and reviewers. If the skill stores data in SQLite, keeps logs, supports historical queries, and generates HTML reports despite presenting itself as a simple fetcher, it increases the attack surface for data retention, unintended local persistence, and potentially unsafe report generation or disclosure.

Description-Behavior Mismatch

Medium

Confidence: 81% confidence
Finding: The skill description says it fetches and outputs Douyin trending data, but this code persists fetched content into a local database. That undisclosed stateful behavior can violate least surprise, create retention/privacy concerns, and expand the attack surface by storing untrusted external data for later use by other components.

Description-Behavior Mismatch

Medium

Confidence: 84% confidence
Finding: The code automatically initializes and manages a local SQLite database even though the skill metadata emphasizes fetching and outputting hot-list data. Hidden database creation and management increase persistence and side effects, which can surprise operators and create policy/compliance issues in environments expecting read-only behavior.

VirusTotal

42/42 vendors flagged this skill as clean.

View on VirusTotal