
Security audit

Douyin Daily Most Influential Accounts (Redfox Data)

Security checks across malware telemetry and agentic risk

Overview

This Douyin ranking skill is purpose-aligned, but it needs review because report generation can automatically invoke an unsafe Windows shell command and the skill relies on external services/scripts.

Review this before installing if you plan to generate reports on Windows or allow agents to choose output filenames. Use only trusted REDFOX_API_KEY credentials, expect requests to go to redfox.hk, avoid opening generated reports in sensitive contexts unless you accept the CDN dependency, and confirm any subscription includes a clear way to stop recurring updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if system == "Darwin":  # macOS
    subprocess.run(["open", str(abs_path)], check=True)
elif system == "Windows":
    subprocess.run(["start", "", str(abs_path)], shell=True, check=True)
else:  # Linux
    subprocess.run(["xdg-open", str(abs_path)], check=True)
print(f"\n✓ HTML 报告已自动打开: {abs_path}", file=sys.stderr)
Confidence
95% confidence
Finding
subprocess.run(["start", "", str(abs_path)], shell=True, check=True)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The generated report loads html2canvas from a third-party CDN at render time, which introduces an unnecessary external trust dependency into a local reporting workflow. If the CDN resource is tampered with, blocked, or replaced, users opening the local report could execute untrusted JavaScript or leak usage metadata to the external host.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill tells users to describe requests in plain language with 'no commands to memorize,' which creates very broad trigger conditions. In an agent environment, this can cause accidental invocation during ordinary conversation and unintended access to ranking queries, report generation, or subscription setup without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example phrase 'What's the latest Douyin daily account ranking?' is generic enough to overlap with normal user conversation, making misrouting to this skill more likely. In systems that select skills from natural language, overly generic examples can cause unintended activation and downstream actions based on ambiguous requests.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The subscription feature is advertised without a clear warning that it creates an ongoing scheduled push behavior. Users may not realize they are enabling repeated notifications or recurring task execution, which can lead to surprise messages, unnecessary automation, or consent issues.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README advertises HTML report generation and subscription push, both of which are side-effecting behaviors, but it does not clearly warn that files may be created or that automated outbound notifications may continue after setup. In an agent environment, this can lead to unexpected file writes, unintended persistent notifications, or user surprise if consent and confirmation are not explicit at execution time.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The top-level description uses broad wording around ranking, recommendations, and report downloads that can cause the skill to trigger on loosely related user queries. Over-broad activation is dangerous because once invoked, the skill is instructed to use network, shell, and file operations, potentially causing unintended external calls or file generation for requests that did not clearly ask for this skill.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger examples include vague phrases like '最新推荐' and broad ranking/recommendation language without strict product or domain boundaries. This increases the risk of incorrect invocation on general recommendation requests, which can lead to unnecessary external API usage, data processing, and report generation outside the user's intended scope.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation directs the skill to send requests to an external domain (`redfox.hk`) using an API key from `REDFOX_API_KEY`, but it does not warn users or integrators that queries and associated metadata will leave the local environment. In a skill context, lack of disclosure around third-party transmission can lead to unintended sharing of user-provided inputs and operational secrets with an external service, especially when users may assume the tool is operating locally or first-party only.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.