Back to skill

Security audit

短剧-抖音信息源

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Douyin short-drama reporting skill, but it needs Review because it handles an API key and automatically opens locally generated HTML from third-party data without enough safeguards.

Install only if you trust RedFoxHub and need Douyin short-drama analytics. Use a revocable API key, do not print or pass the full key on the command line, expect local cache/report files, and be cautious with the auto-opened HTML report because it contains externally sourced content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
This documentation point contradicts the stated requirement to wait for user confirmation before querying unavailable dates. Contradictory instructions in an agent skill are dangerous because the runtime may follow the permissive path and perform network actions the user did not approve.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The `--latest` parameter documentation explicitly allows skipping unavailable date ranges automatically, which conflicts with the no-auto-fetch rule. In this context, that inconsistency can lead to silent retrieval of different data than the user requested, causing unintended API usage and misleading results.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The example explicitly says historical date queries require no user confirmation, which conflicts with the skill’s stated safety requirement that when the target date has no data, the user must be informed and confirmation obtained before calling the API. This kind of contradictory guidance can cause an agent to bypass an intended consent/check flow and make unintended external requests, especially around unavailable or ambiguous dates.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill advertises invocation through unrestricted natural-language requests, which can cause over-broad or accidental activation by users or upstream agents. Because the skill can trigger API-backed data retrieval and report generation, ambiguous activation boundaries increase the risk of unintended calls, unexpected data access, and policy bypass around the documented requirement to confirm when target-date data is unavailable.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The example phrases are broad, everyday requests that are likely to overlap with normal conversation, making accidental invocation more likely. In an agent ecosystem, generic cues such as 'show me today's report' or 'what are this month's trends' can be matched too eagerly, causing unintended external API use, unnecessary subscription actions, or generation of reports the user did not explicitly request.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill advertises automatic daily subscription output to a local folder without clearly warning that it will create files on an ongoing basis. While not inherently malicious, undisclosed persistence and repeated file creation can surprise users, consume storage, and create privacy issues if reports contain sensitive business analysis.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation tells users to print the API key to the terminal for verification, which can expose the secret on-screen and in terminal logs, recordings, support screenshots, or shell tooling. In a skill that relies on an API credential for network access, encouraging secret disclosure materially increases credential-compromise risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Allowing or documenting API key passage via a CLI argument is risky because command-line secrets are often exposed through shell history, process listings, monitoring tools, and crash reports. Given this skill's use of an external API key, that makes credential leakage more likely in routine use.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The subscription example enables recurring report generation and writes files into the user's Downloads directory without clearly warning that this creates ongoing background output and consumes local storage over time. While not directly enabling code execution or data exfiltration, it can lead to unexpected persistence, disk usage, and user surprise in an agent context where actions should be explicit and well-scoped.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script sends query parameters and an API credential to a third-party endpoint, but it provides no clear user-facing disclosure at execution time that a network request will occur. In an agent skill context, silent outbound transmission can surprise users and may expose query intent, usage metadata, and secrets to an external service without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.