Exposed secret literal
- Finding
- File appears to expose a hardcoded API secret or token.
Security checks across static analysis, malware telemetry, and agentic risk
The skill mostly matches its Douyin transcription purpose, but its auto-FFmpeg installer downloads and runs unverified external binaries, so it should be reviewed before use.
Install FFmpeg yourself from a trusted source or verify the skill's downloaded binaries before using the auto-installer. Use a limited API key, configure MCP only in trusted clients, and only process videos whose audio you are comfortable sending to SiliconFlow or Aliyun for transcription.
VirusTotal findings are pending for this skill version.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the download source or archive is compromised, the skill could place or run untrusted binaries/files on the user's machine.
The installer fetches FFmpeg executable archives from external "latest" release URLs and extracts them in place; the flow shown includes neither checksum or signature validation nor path-safe archive extraction.
"linux-x64": "https://github.com/yt-dlp/FFmpeg-Builds/releases/download/latest/ffmpeg-master-latest-linux64-gpl.tar.xz" ... urllib.request.urlretrieve(url, dest_path, reporthook=report_progress) ... zip_ref.extractall(dest_dir.parent) ... tar_ref.extractall(dest_dir.parent)
Prefer installing FFmpeg through a trusted package manager, or pin exact binary versions, verify hashes/signatures, and use safe archive extraction before executing anything.
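The recommendation above, written out as an added example (not code from the scanned skill or from ClawScan): a Python installer that pins an exact release URL and digest, streams the download through SHA-256 before keeping the file, and validates every tar member against the destination directory before anything is extracted. PINNED_URL and PINNED_SHA256 are placeholder assumptions, the archives are constructed in memory, and the opener parameter is a hypothetical injection point so the demo runs offline; in production it stays at urllib.request.urlopen.

```python
"""Hardened FFmpeg fetch: pinned URL + digest, verified download, path-safe extraction."""
import hashlib
import io
import tarfile
import tempfile
import urllib.request
from pathlib import Path

# Assumptions: a real installer pins the exact release it was tested against and the
# digest published alongside it. These placeholders are not real values.
PINNED_URL = "https://example.invalid/ffmpeg-n7.0-linux64-gpl.tar.xz"
PINNED_SHA256 = "0" * 64


def download_verified(url, dest, expected_sha256, opener=urllib.request.urlopen):
    """Stream url into dest, hashing as it arrives; keep the file only if the digest matches."""
    dest = Path(dest)
    part = dest.with_name(dest.name + ".part")
    h = hashlib.sha256()
    with opener(url) as resp, open(part, "wb") as out:
        for chunk in iter(lambda: resp.read(1 << 16), b""):
            h.update(chunk)
            out.write(chunk)
    digest = h.hexdigest()
    if digest != expected_sha256.lower():
        part.unlink()  # never leave an unverified artifact where a later step could run it
        raise ValueError(f"checksum mismatch for {url}: got {digest}")
    part.replace(dest)
    return dest


def safe_extract_tar(archive, dest_dir):
    """Extract only regular files and directories whose resolved paths stay under dest_dir.

    Every member is checked before any is written, so a hostile archive cannot
    partially populate the destination before the offending entry is reached.
    """
    dest_dir = Path(dest_dir).resolve()
    dest_dir.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:*") as tar:
        members = tar.getmembers()
        for m in members:
            if not (m.isreg() or m.isdir()):  # no symlinks, hardlinks, devices, FIFOs
                raise ValueError(f"refusing non-regular member: {m.name}")
            target = (dest_dir / m.name).resolve()  # "../x" and "/abs" both escape here
            if target != dest_dir and dest_dir not in target.parents:
                raise ValueError(f"member escapes destination: {m.name}")
        for m in members:
            if hasattr(tarfile, "data_filter"):  # Python >= 3.12 adds its own checks as well
                tar.extract(m, str(dest_dir), filter="data")
            else:
                tar.extract(m, str(dest_dir))
        return [m.name for m in members]


def install_ffmpeg(url, sha256, dest_dir, opener=urllib.request.urlopen):
    """Download, verify, extract, and return the path of the ffmpeg binary under dest_dir."""
    dest_dir = Path(dest_dir)
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = download_verified(url, dest_dir / "ffmpeg.tar.xz", sha256, opener)
    safe_extract_tar(archive, dest_dir)
    for candidate in dest_dir.rglob("ffmpeg"):
        if candidate.is_file():
            return candidate
    raise FileNotFoundError("archive verified and extracted, but it contains no ffmpeg binary")


def build_tar_xz(entries):
    """Constructed test fixture: build an in-memory .tar.xz from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:xz") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo():
    """Run three offline cases: a good archive, a wrong digest, and a path-traversal entry."""
    good = build_tar_xz({"ffmpeg-n7.0/bin/ffmpeg": b"#!/bin/sh\necho constructed fake ffmpeg\n"})
    evil = build_tar_xz({"../evil": b"pwned"})  # would land one level above dest_dir
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        fetch_good = lambda url: io.BytesIO(good)  # offline stand-in for urlopen
        binary = install_ffmpeg(PINNED_URL, hashlib.sha256(good).hexdigest(), tmp / "ok", fetch_good)
        results["good"] = binary.read_bytes().startswith(b"#!/bin/sh")
        try:
            install_ffmpeg(PINNED_URL, PINNED_SHA256, tmp / "badhash", fetch_good)
            results["wrong_hash_rejected"] = False
        except ValueError:
            results["wrong_hash_rejected"] = not (tmp / "badhash" / "ffmpeg.tar.xz").exists()
        try:
            install_ffmpeg(PINNED_URL, hashlib.sha256(evil).hexdigest(), tmp / "trav",
                           lambda url: io.BytesIO(evil))
            results["traversal_rejected"] = False
        except ValueError:
            results["traversal_rejected"] = not (tmp / "evil").exists()
    return results


if __name__ == "__main__":
    print(demo())
```

The verify-then-rename step matters as much as the hash itself: the skill's urlretrieve() writes straight to the final path, so any later step that checks "is the binary there?" would happily run an unverified or partially downloaded file.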
A configured API key may incur provider usage and can be used by the MCP tool while it is available to the agent.
The skill uses provider API keys for SiliconFlow/Aliyun transcription authentication, which is expected for the stated function but grants billable/provider account authority.
dashscope.api_key = api_key ... headers = {"Authorization": f"Bearer {self.api_key}"}
Use a scoped or low-quota API key, monitor usage, and avoid storing real keys in shared configuration files.
Video/audio content from links processed through the MCP tool can leave the local machine for transcription.
The MCP server exposes agent-callable tools and uploads selected audio content to the declared transcription provider.
mcp = FastMCP("Douyin MCP Server", dependencies=["requests", "ffmpeg-python", "dashscope"]) ... response = requests.post(SILICONFLOW_API_URL, headers=headers, files=files, data=data)
Configure the MCP server only for trusted clients, process only videos you intend to share with the ASR provider, and review the provider's privacy and retention terms.
Users may not realize that every provider API call sends the key to the provider endpoint.
This wording overstates credential privacy: the key is necessarily transmitted to the chosen provider as a bearer token for API authentication. No credential exfiltration to any other destination was observed.
"The API Key is stored only in local environment variables and is never uploaded to any server." (translated from the Chinese in the skill's documentation)
Clarify the documentation to say the key is not stored by this skill, but is sent to the configured ASR provider for authentication.