Douyin Similar Account Recommendation

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised Douyin account lookup, but it also normalizes persistent API-key storage and remote account collection/push flows that need careful review.

Install only if you are comfortable sending Douyin account identifiers to RedFox and using a RedFox API key. Prefer setting REDFOX_API_KEY only for the current session or through a secure secret manager rather than writing it into shell startup files. Treat --sync and subscription/push options as remote enrollment actions and use them only after confirming what data RedFox will store and how to stop future updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (13)

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill instructs the agent to persistently set the user's REDFOX_API_KEY in shell startup files or Windows user environment variables. This exceeds the narrow need of a one-time lookup operation and creates lasting credential exposure risk: secrets may be stored in plaintext, inherited by other processes, exposed in shell history or backups, and reused by unrelated tools or later compromised sessions.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The documentation claims subscription push and automatic future notifications, but the visible skill description centers on a single-script query tool and does not justify or explain the backend needed for ongoing message delivery. Unclear notification behavior can lead to undisclosed data retention, tracking, or recurring external processing beyond the user's immediate request.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The workflow adds a subscription/push-notification feature that is not disclosed in the skill metadata, expanding behavior beyond the user’s expected one-time similar-account lookup. This creates a consent and scope-transparency problem because users may provide account identifiers for analysis without realizing the skill also solicits recurring delivery of account updates.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The workflow includes an account collection/sync enrollment path that triggers external data collection and later report delivery, but this capability is not disclosed in the skill description. That is dangerous because a user asking for analysis may instead initiate a backend enrollment/monitoring action on a target account without adequate notice about the changed processing purpose.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill’s stated purpose is recommending similar Douyin accounts, but it also exposes a separate workflow that triggers remote account collection/synchronization on a third-party service. That is a materially different capability with external side effects, and the script executes it whenever `--sync` is supplied without any in-script confirmation or clear disclosure at runtime.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code searches through shell rc files, PowerShell profiles, and the Windows registry to discover API credentials instead of limiting itself to a declared environment variable or explicit user input. Reading unrelated local configuration files broadens access beyond the skill’s recommendation function and can unintentionally expose secrets from user-controlled files to the skill runtime.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions tell the agent to alter persistent user configuration to store an API key, without an explicit safety warning about modifying the system environment. This is dangerous because it normalizes configuration changes that may outlive the session, affect unrelated workflows, and expose credentials to other local users, software, logs, or support artifacts.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README-like guidance tells users to append credentials directly into shell profile files without warning about persistence or credential exposure. Storing API keys in plaintext profile files increases the chance of accidental disclosure through backups, dotfile sync, shared machines, screenshots, terminal history, or later compromise of the user account.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The document instructs the agent to send account names or IDs to an external API but provides no user-facing warning that identifiers and related analysis data are transmitted off-platform. This undermines informed consent and can expose user-supplied or third-party account data to an external processor without transparency.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The follow-up sync/collection flow triggers external account collection and promises later push delivery, but the workflow does not warn the user that this causes additional backend processing beyond the original failed lookup. The combination of external collection plus delayed delivery makes the omission more serious because it changes both data handling and user expectations about ongoing processing.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script reads credentials from user profile files and Windows profile locations without any user-facing warning that local configuration files will be accessed. Even if intended for convenience, silently harvesting secrets from shell startup files violates least surprise and increases the risk of collecting credentials the user did not intend to expose to this skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script transmits user-supplied account identifiers to `redfox.hk` and relies on returned account/profile/work data from that external API, but there is no clear runtime notice or consent step describing this data transfer. In a skill handling third-party account analysis, undisclosed outbound sharing creates privacy and trust risks, especially when account names/IDs may be sensitive business research inputs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The sync path triggers external account collection through `syncUserNotes` based solely on the presence of the `--sync` flag and does not implement an execution-time confirmation prompt. Because this action enrolls an account into a remote collection queue, the missing confirmation makes accidental or opaque triggering more likely and increases the risk of unauthorized data collection requests.

VirusTotal

65/65 vendors flagged this skill as clean.
