ClawHub

抖音账号订阅追踪

Security checks across malware telemetry and agentic risk

Overview

This Douyin tracking skill is mostly purpose-aligned, but it needs review because it can silently create recurring monitoring tasks and contains under-disclosed local subscription storage.

Install only if you are comfortable giving Redfox an API key and sending the Douyin account IDs you monitor, which may reveal business or competitor-tracking interests. Before using it, confirm each subscription and daily automation change, review any created scheduled tasks, and be aware that the script can also store subscriptions locally under ~/.qoder/douyin_subscriptions.json despite the no-local-storage wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill exercises sensitive capabilities including environment access, file read/write, and network access, yet declares no permissions or equivalent user-visible disclosure. This undermines informed consent and safe policy enforcement because the agent can handle API keys, create reports, and interact with external services without an explicit capability boundary.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The file materially misrepresents behavior by claiming there is no local file storage and emphasizing command-embedded account IDs, while the analyzed behavior includes local persistence, subscription management, external API use, and richer analysis than disclosed. Security-relevant mismatches like hidden persistence and undisclosed third-party data transfer can cause users to authorize actions they would not have accepted if accurately described.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation guidance encourages invocation through very broad natural-language phrases, which can increase accidental triggering or ambiguous routing in an agent environment. In a skill that performs subscription and scheduled tracking actions, unintended invocation could lead to unwanted account subscriptions, report generation, or background automation without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to create or modify recurring automation tasks that embed monitored account IDs, but does not require clear user-facing disclosure or confirmation about persistent scheduled monitoring. That creates a consent and privacy risk because tracking continues daily after a one-time interaction, and identifiers are stored in automation configuration.

Missing User Warnings

High
Confidence
98% confidence
Finding
The interaction rules explicitly require silent execution of verification, subscription, and automation updates while suppressing process disclosures to the user. Hiding state-changing actions is dangerous because it enables covert creation or modification of persistent monitoring tasks and obscures when external API calls or durable changes are being made on the user's behalf.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends tracked Douyin account identifiers, date filters, and source metadata to a third-party API at redfox.hk without an explicit consent prompt or clear disclosure at execution time. In a subscription-monitoring skill, these identifiers can reveal business interests, monitored competitors, or user tracking targets, creating a privacy and confidentiality risk if users assume processing is local.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal