Back to skill

Security audit

抖音复刻蒸馏写作技能

Security checks across malware telemetry and agentic risk

Overview

It looks like a legitimate writing-style analysis tool, but it can fetch outside content and persist generated persona skills locally, so it needs careful review before installation.

Review this skill before installing. Use it only if you are comfortable configuring REDFOX_API_KEY, spending RedFox API credits, fetching third-party Douyin content, and allowing generated persona skills to be written under ~/.workbuddy/skills. Prefer reviewing the generated SKILL.md before enabling it, and keep a backup or uninstall path for any persona skill it creates or updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The workflow instructs the agent to create and install a new local sub-skill under the user's environment, which is a filesystem-modifying side effect not clearly disclosed by the skill description. Hidden persistence-like behavior is dangerous because it can plant reusable instructions or code in a trusted local location, expanding impact beyond the current session.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Automatic installation into ~/.workbuddy/skills modifies the user's home directory for a task that is framed as text/style analysis. This creates unnecessary local persistence and could be abused to overwrite trusted agent behaviors, introduce malicious prompts, or leave long-lived artifacts the user did not expect.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The README says users can invoke the skill with broad natural-language requests and provides examples that overlap with ordinary conversation. In agent environments, overly generic invocation guidance increases the chance of accidental triggering, which could cause unintended content collection, analysis, or persona generation without the user clearly intending to run this skill.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README advertises automatic Douyin material collection and installation of a local persona sub-skill, but does not prominently warn about data access, network activity, storage changes, or the trust implications of installing generated artifacts. In an agentic context, that omission can lead users to authorize actions affecting external data sources or their local environment without understanding the operational and security impact.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README explicitly says the skill can be invoked with unrestricted natural-language requests, which creates ambiguous and overly broad activation conditions. In a skill that can collect external content, read user-provided file paths, and generate/install a local sub-skill, loose triggering increases the chance of unintended execution, prompt-routing mistakes, or user requests being interpreted as authorization for sensitive actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises automatic article collection and local installation of a generated sub-skill, but does not present concrete privacy, consent, provenance, filesystem, or execution-safety warnings to the user. In this context, the danger is elevated because the skill processes third-party content and can persist artifacts locally, which can lead to unauthorized data collection, unsafe file access, accidental installation of unreviewed instructions, or downstream prompt/code injection into the generated sub-skill.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is very broad and includes common writing-related phrases such as style analysis, imitation, and cloning. This increases the chance of accidental or unexpected activation during ordinary user requests, which can lead to unintended scraping, style cloning, or downstream actions the user did not clearly authorize.

Vague Triggers

Medium
Confidence
95% confidence
Finding
Saying the skill can be used with any natural-language request makes activation boundaries ambiguous. In a skill that can collect third-party Douyin content and create local sub-skills, ambiguous invocation increases the risk of unintended execution and reduces meaningful user consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill advertises automatic Douyin material collection but does not clearly warn users that third-party content may be fetched automatically. This creates consent and privacy risks, and may also expose users to compliance issues if content is collected without clear notice or authorization.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill states that a generated sub-skill will be installed locally, but it does not provide an explicit warning that this modifies the local environment. Silent or insufficiently disclosed local installation is more dangerous than ordinary content generation because it can persist changes, introduce unreviewed instructions, and expand the attack surface beyond the current session.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The workflow directs local file creation/modification without an explicit warning or consent flow. Unannounced filesystem writes are dangerous in agent skills because they can persist behavior changes, tamper with existing tools, or create trusted artifacts that later influence execution.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Updating an existing SKILL.md without explicit warning risks modifying prior local data and silently changing an installed skill's behavior. This is less severe than first-time installation but still dangerous because it can overwrite user-customized or previously trusted instructions.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The template defines broad natural-language trigger phrases such as '像[作者名]一样写' and '模仿[作者名]写作' without any exclusion rules, scoping, or confirmation requirements. In an agent-skill ecosystem, overly generic triggers can cause accidental invocation, context hijacking, or unintended activation during ordinary conversation, which is especially risky because this skill then steers output into identity imitation and strong behavioral constraints.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.