Security audit

TikTok Account Search

Security checks across malware telemetry and agentic risk

Overview

This TikTok search skill matches its stated purpose, but it sends an API key over HTTPS while deliberately disabling certificate and hostname verification.

Review before installing. Only use this with a RedFox API key you can rotate or revoke, and avoid sensitive searches until the maintainer restores normal TLS certificate verification and documents exactly what is sent to RedFox.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill requires environment and network access to read an API key and send external requests, but it declares no corresponding permissions. This reduces transparency and can cause users or the host agent to authorize behavior they did not clearly consent to, especially because the skill transmits user queries and a configured credential to a third-party service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
This is a substantive behavior mismatch, not just a documentation issue: the skill relies on a third-party RedFox API instead of direct TikTok access, exposes additional metadata, and the referenced implementation reportedly disables SSL certificate verification. Disabling TLS verification makes the outbound request vulnerable to interception or tampering, while the undocumented data handling and missing similar-keyword behavior undermine informed consent and trust boundaries.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The SSL helper explicitly disables both certificate validation and hostname verification for every HTTPS request. This makes the API call vulnerable to man-in-the-middle interception or redirection, allowing an attacker on the network path to steal the REDFOX API key, tamper with responses, or return attacker-controlled data while the client treats the connection as trusted.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill advertises very broad natural-language triggers such as general TikTok creator/account queries, which can cause the agent to invoke this skill in situations the user did not explicitly intend. Unintended invocation can leak user queries to the third-party RedFox-backed service and produce confusing or irrelevant tool use, especially because the skill is tied to an external API key and data provider.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README explicitly says users can invoke the skill with unrestricted natural language, which increases the chance of accidental or overly broad activation during ordinary conversation. In agent environments, ambiguous activation boundaries can cause the tool to run when the user did not clearly intend a TikTok account search, leading to unintended external queries or data handling.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example phrases are broad conversational requests such as asking what creators exist in a category, which can easily overlap with normal user dialogue. That makes mis-triggering more likely, especially in multi-skill agents where casual discussion about TikTok creators could unintentionally activate this skill and send queries to a third-party service.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill instructs users to configure an API key but does not clearly disclose that the credential will be consumed for external requests to a third-party service. This weakens informed consent and can lead users to expose a sensitive credential without understanding when and how it is used.

Missing User Warnings

High
Confidence
99% confidence
Finding
Certificate verification is disabled without any guardrails, warning, or environment-based restriction, so all outbound API traffic is unauthenticated despite using HTTPS. In this skill, that is especially risky because the request carries a secret API key and the response data is trusted and surfaced to downstream users.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
def get_api_key() -> str:
    val = os.environ.get("REDFOX_API_KEY", "")
    if not val:
        print("[error] 未找到环境变量 REDFOX_API_KEY,请确认已设置 API Key", file=sys.stderr)
        sys.exit(1)
Confidence
70% confidence
Finding
os.environ.get("REDFOX_API_KEY

VirusTotal

VirusTotal findings are pending for this skill version.
