Douyin Send DM

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform its stated Douyin messaging purpose, but its activation wording is too broad for sending messages from a user's authenticated account.

Review this skill before installing. Only use it if you are comfortable with it operating your Douyin account, and require explicit confirmation of the recipient and exact message text before any DM is sent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger text is intentionally broad enough that ordinary phrasing like 'tell @xyz hi' can activate a real-world messaging action. Because this skill sends messages through the user's authenticated browser session, overbroad activation increases the chance of unintended outbound communication or acting without sufficiently explicit user confirmation.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The condition 'Douyin / 私信 / 发私信 mentioned alongside a target user' is ambiguous and can match discussion, planning, or references rather than a direct command to act. In this skill's context, ambiguity is more dangerous because the resulting action is an authenticated communication on behalf of the user, which can cause privacy, reputational, or consent issues.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal