Jinritoutiao Keyword Collector

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does what it advertises: it opens Toutiao in a browser, submits user-provided keywords, and returns search suggestions, with low privacy cautions.

Install if you are comfortable having the keywords you enter sent to Toutiao through an automated browser. Avoid using secrets, private names, proprietary research terms, or sensitive topics, and close the browser session when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: This markdown file instructs the agent to navigate to www.toutiao.com and type user-provided keywords into the site's search box, which transmits user input to an external service. While the behavior is core to the skill, the description does not explicitly warn users that their keywords will be sent to a third-party website via browser automation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal