抖音作品实时搜索

Security checks across malware telemetry and agentic risk

Overview

The search script itself is straightforward, but the skill also asks agents to create recurring daily subscription tasks without enough scoping or cancellation detail.

Install only if you trust Redfox with your Douyin search keywords and can use a revocable API key. Treat the daily subscription feature as Review-worthy: do not enable it unless your platform clearly shows the scheduled job, where results are sent, how often it runs, what key it uses, and how to cancel it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (10)

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The README advertises a daily subscription/scheduled push feature that goes beyond the stated realtime-search purpose. Expanding from one-shot queries to persistent scheduled actions changes the trust and permission model, and can lead to unauthorized automation or user surprise if the agent enables recurring behavior without explicit product support and consent.

Description-Behavior Mismatch

Medium

Confidence: 88% confidence
Finding: The usage guide tells users that saying 'Confirm subscription' creates a scheduled task, despite the skill metadata describing realtime querying rather than automation. This mismatch can induce an agent to perform persistent actions that users may not understand as ongoing, creating a capability-confusion risk.

Description-Behavior Mismatch

Medium

Confidence: 84% confidence
Finding: The use-case section introduces ongoing keyword monitoring, which implies persistent tracking and automated recurring behavior not reflected in the manifest. While this is documentation-level, it broadens perceived authority and may cause downstream systems or users to assume the skill can continuously monitor terms without proper disclosure.

Description-Behavior Mismatch

Medium

Confidence: 87% confidence
Finding: The README advertises a daily subscription push capability that exceeds the stated on-demand realtime-search scope, which can create an undocumented persistent action surface. Features involving scheduled execution and repeated outbound access are materially riskier because they can trigger ongoing behavior without fresh user intent, increasing the chance of abuse, unexpected data use, or unauthorized automation.

Vague Triggers

Medium

Confidence: 77% confidence
Finding: The invocation guidance says users can 'just describe your need in plain language,' paired with broad trigger examples for common search requests. In an agent environment, overly broad routing language can cause accidental invocation on ordinary conversation, leading to unintended external API calls, unnecessary data exposure, or actions taken without clear user intent to use this skill.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: A daily scheduled subscription is presented as a feature without a prominent warning that it creates persistent automated behavior. This is dangerous because users may interpret it as a one-time lookup, while the system could establish recurring monitoring or notifications that continue after the initial interaction.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: Overly broad natural-language trigger guidance can cause accidental invocation during ordinary conversation, especially in a chat environment where users may mention Douyin, 'latest,' or 'current' casually. In this skill context, unintended activation can lead to unexpected external API calls, data disclosure to a third party, and action confusion when the user did not mean to run the tool.

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The phrase '确认订阅' is highly ambiguous and can be spoken in many unrelated contexts, yet here it is documented as creating a scheduled task. Because subscription creation is a persistent side effect, a vague trigger materially increases the risk of accidental enrollment, unwanted recurring actions, and user confusion about what was authorized.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The documentation describes daily automatic push behavior but does not adequately explain that this is a persistent scheduled action, how it is managed, or how users can revoke it. In a skill that otherwise appears to be a one-shot search utility, insufficient disclosure around continuous behavior raises consent and safety concerns because users may not realize they are authorizing repeated future execution.

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The skill promotes daily scheduled subscriptions that repeatedly query an external API and push results, but it does not clearly warn users that this causes ongoing outbound requests and recurring data transmission. Users may unknowingly authorize persistent background activity, which can affect privacy, API spend, and operational visibility.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal