Douyin Ai Script Generator

Security checks across malware telemetry and agentic risk

Overview

This is a Douyin AI-video script generator whose disclosed web search and local file-writing behavior fit its stated purpose, though users should confirm searches and save locations.

Before installing, expect this skill to search the web for current AI topics when no topic is provided and to save generated scripts locally. In shared or source-controlled workspaces, confirm the output path first, and review generated claims and fear-based marketing language before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 84%
Finding
The activation conditions are broad enough that the skill may trigger for general requests about AI topics or short-form content, causing unexpected tool use or content generation. In context, this matters because the skill can automatically search the web and write files, so over-broad triggering increases the chance of unintended external calls or persistent side effects.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises automatic web searching but does not clearly warn the user that their request may cause an external network call. This is dangerous because user-provided topics or context could be sent to external services without informed consent, creating privacy and data-handling risks.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill states that generated scripts will be saved to the project root but does not provide a clear warning or ask for consent before writing files. Silent file creation can violate user expectations, create clutter, or introduce downstream workflow risks if other tools automatically process files in that location.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documented automatic search flow includes external web access without an explicit privacy warning. This is more concerning in this skill because the search is triggered automatically when no topic is provided, meaning network activity can happen even when the user only asked broadly for script help.

VirusTotal

64/64 vendors flagged this skill as clean.
