Douyin Daily Hot Works Ranking (抖音每日热门作品榜)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Douyin ranking lookup skill that uses a RedFox API key and does not show hidden, destructive, or unrelated behavior.

Install only if you trust RedFoxHub with a revocable REDFOX_API_KEY. Keep the key scoped and out of logs/prompts, use the skill for explicit Douyin ranking requests, and do not enable any recurring subscription or push behavior unless the agent clearly confirms the schedule, stored preferences, and how to cancel.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill uses sensitive capabilities (environment-variable access for REDFOX_API_KEY and outbound network access to redfox.hk) without declaring permissions. This weakens user visibility and platform enforcement, so a user may invoke a networked, credential-using skill without understanding its access level. In this context the capability use is aligned with the stated product goal, so the risk is from missing transparency and policy control rather than obviously malicious behavior.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill description does not accurately match behavior and claimed features: it relies on a third-party service and API key, promises subscription/push features not implemented, and describes constraints like 30-day history and '达人排名' that are not actually enforced or provided. This is dangerous because users and the hosting platform may make trust decisions based on inaccurate claims, while missing validation can lead to unintended data access patterns, misleading outputs, or overbroad triggering of external requests.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill's invocation guidance encourages very broad natural-language triggering for common concepts like 'ranking' and 'hot list,' which can cause the tool to activate when a user did not explicitly intend to call this specific skill. In an agent environment, over-broad triggers increase the chance of unintended third-party API usage and irrelevant data disclosure into the conversation, even though the skill itself is not performing a high-risk action.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example phrases include generic utterances such as 'Today's ranking' and 'Show all,' which are common in ordinary conversation and not uniquely tied to this skill. This makes accidental invocation more likely, especially in multi-skill agents where such phrases could match many contexts, leading to unintended API calls or confusing tool selection.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README explicitly says the skill can be used via unrestricted natural-language requests, but it does not define tight activation boundaries or disambiguation rules. In an agent environment, this can cause the skill to trigger on loosely related user utterances, leading to unintended API calls, unnecessary use of the configured API key, or responses being sourced from this skill when the user did not clearly intend it.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The example trigger phrases are short, generic, and conversational, such as requests equivalent to 'today's ranking' or 'today what's hottest,' which can overlap with normal discussion. Because this skill queries external ranking data and uses an API key, broad triggers increase the chance of accidental activation, cross-skill confusion, and unintended external data access in response to ambiguous speech.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad and overlap with normal user language such as asking about '抖音热榜' or '抖音排名', increasing the chance of accidental invocation. In a skill that performs outbound API calls and uses an API key, misfires can leak user intent to a third party, consume quota, and produce confusing or unauthorized external requests even if the underlying function is not highly privileged.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents a subscription feature with a default daily push time, but it does not require an explicit user-facing warning that the action creates an ongoing scheduled notification. This can lead users to unknowingly enroll in recurring pushes, creating consent and privacy/UX risks, especially because the default timing is silently applied when the user does not specify one.

VirusTotal

65/65 vendors flagged this skill as clean.
