Douyin watermark-free video download and caption extraction

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it downloads Douyin videos, extracts audio, sends audio to SiliconFlow for transcription, and saves results locally.

Install only if you are comfortable sending extracted video audio to SiliconFlow for transcription and saving transcripts/videos locally. Use it only with Douyin links you trust and content you have rights to process; consider running it in a restricted environment because URL validation and download size limits are not enforced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tainted flow: 'share_url' from requests.get (line 94, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
            raise ValueError("未找到有效的分享链接")

        share_url = urls[0]
        share_response = requests.get(share_url, headers=HEADERS)
        video_id = share_response.url.split("?")[0].strip("/").split("/")[-1]
        share_url = f'https://www.iesdouyin.com/share/video/{video_id}'
Confidence
91% confidence
Finding
share_response = requests.get(share_url, headers=HEADERS)

Tainted flow: 'video_info' from os.getenv (line 359, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
        if show_progress:
            print(f"正在下载视频: {video_info['title']}")

        response = requests.get(video_info['url'], headers=HEADERS, stream=True)
        response.raise_for_status()

        # Get the file size
Confidence
95% confidence
Finding
response = requests.get(video_info['url'], headers=HEADERS, stream=True)

Tainted flow: 'files' from open (line 251, file read) → requests.post (network output)

High
Category
Data Flow
Content
        }

        try:
            response = requests.post(self.api_base_url, files=files, headers=headers)
            response.raise_for_status()

            result = response.json()
Confidence
97% confidence
Finding
response = requests.post(self.api_base_url, files=files, headers=headers)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documents capabilities that access environment variables, write files, and perform network requests, but it does not declare permissions or present a clear trust boundary. This is dangerous because the agent may invoke the skill without adequate user awareness that local files will be created and external services will be contacted, increasing the risk of unintended data exposure or unsafe execution in restricted environments.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger description is broad enough to match many ordinary requests about Douyin links or video content, which can cause the skill to activate in contexts where the user did not intend downloading, transcription, or external processing. Over-broad activation increases the chance of surprising side effects such as network calls, file creation, and third-party data transfer.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill does not prominently warn that video/audio content is uploaded to an external speech-recognition service and that files are automatically saved locally. This creates a meaningful privacy and data-handling risk because users may provide links containing sensitive or copyrighted material without understanding that content will leave the local environment and persist on disk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Audio extracted from downloaded videos is sent to a third-party transcription service without a clear privacy notice or explicit consent flow. In this skill's context, users may expect download/transcription functionality but still not expect raw audio to leave the local environment, making the privacy risk more significant.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal