ClawHub

抖音作品查询

Security checks across malware telemetry and agentic risk

Overview

The skill mostly performs a disclosed Douyin search, but its optional subscription flow can create recurring automated searches without clear review or cancellation controls.

Install only if you are comfortable sending Douyin search keywords to Redfox using your REDFOX_API_KEY. Treat subscription as a recurring automation: confirm it only when you know where the scheduled task will live and how you can disable it later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The documentation expands a one-shot search skill into a recurring subscription/push system, enabling persistent automated behavior beyond the core search function. That increases the blast radius from a user-initiated query to ongoing scheduled executions, repeated network access, and continued processing after the original interaction ends.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
These instructions explicitly direct the agent to use platform cron/automation features to create recurring jobs that rerun the script and push results back into the conversation. For a search-only skill, this is an unjustified escalation from transient data retrieval to autonomous scheduled execution, which can be abused for persistence, unwanted notifications, and repeated API consumption.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The README states users can invoke the skill with essentially any natural-language description and "no fixed commands," which creates overly broad and ambiguous trigger boundaries. In an agent environment, this increases the chance the skill is invoked unintentionally or on loosely related requests, causing unnecessary data access, confusing behavior, or unsafe chaining with other tools.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The skill advertises casual conversational input plus automatic keyword generalization to ensure results, but does not specify limits on how far queries may be rewritten. This ambiguity can cause the agent to over-normalize user input, invoke the skill on unintended topics, or silently transform requests in ways the user did not authorize, reducing predictability and increasing the risk of inappropriate tool use.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README tells users to invoke the skill with unconstrained natural language, which makes accidental triggering more likely when a user is discussing Douyin trends generally rather than intentionally calling the tool. In an agent environment, broad invocation guidance can cause unintended searches, external API calls, and downstream side effects such as prompting a subscription flow without clear user intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The example phrases are close to ordinary conversation like '最近搞笑视频挺火的', so a host agent may misclassify routine discussion as a tool invocation. Because this skill reaches an external service and may lead users into recurring subscription behavior, ambiguous triggers increase the chance of unintended data access and user surprise.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README advertises daily automatic subscription pushes but does not clearly disclose ongoing notification behavior, retention of the keyword, or any continuing use of the user's account/session after the initial query. This can lead to unexpected recurring actions and privacy or consent issues, especially in agentic systems where users may not realize a one-time search can become a scheduled workflow.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Promoting '查完即订' and one-click subscription after a query encourages enabling recurring behavior without sufficient friction or informed consent. In context, this is more dangerous because the skill is marketed for natural-language use, so a user seeking a simple search may be funneled into persistent notifications they did not fully intend to enable.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill advertises daily automatic subscription pushes but does not clearly warn, at the point of feature description, that this entails ongoing automated actions, repeated network calls, and continued use of stored configuration/API access. Users may reasonably interpret the tool as a one-time search utility and not appreciate that enabling subscription creates persistent background behavior.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script transmits the user-supplied search keyword to a third-party API endpoint, which creates a privacy and data-handling risk if users are not explicitly informed that their input leaves the local environment. In an agent skill context, users may assume a local search capability, so undisclosed network transmission can expose sensitive queries, internal project names, or other confidential terms to an external service.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal