Tiktok Trend Slayer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed TikTok/EchoTik analytics skill that uses user-provided API credentials to fetch market data and write local reports, with some activation and privacy cautions but no evidence of hidden or destructive behavior.

Install only if you are comfortable providing EchoTik credentials and, optionally, a TikTok Shop access token. Use limited-scope credentials where possible, expect selected categories and regions to be sent to those APIs, and keep generated reports in a dedicated output directory.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill clearly invokes a shell script and depends on external binaries (`curl`, `jq`), but the manifest does not declare explicit permissions for shell execution. That creates a transparency and policy-enforcement gap: users or platforms may not realize the skill can execute commands and make outbound requests with supplied credentials.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The workflow trigger phrases are broad, natural-language prompts like 'what to sell' and 'create video scripts,' which can overlap with ordinary user requests and cause unintended skill activation. In a skill that can use credentials and fetch external data, accidental activation increases the chance of unnecessary data transmission or actions the user did not explicitly intend.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs users to provide API credentials and describes external data fetching, but it does not warn that prompts, category selections, and fetched analytics may be transmitted to third-party services. This weakens informed consent and can expose business-sensitive market research or account-linked data to external vendors without clear disclosure.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The workflow trigger text is broad enough to activate a high-impact analytics/reporting workflow for ordinary business queries like market comparison or category exploration. In an agent setting, ambiguous triggers can cause unintended tool use, excess data collection, and surprising execution of shell-based workflows without sufficiently explicit user intent.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The product-selection trigger phrases are generic and overlap with common recommendation requests, making accidental invocation likely. Because the workflow fetches market data and generates downstream business recommendations, an ambiguous trigger can lead to unnecessary external API usage, unintended processing, and output the user did not actually request.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: Phrases like 'content plan' or 'what hooks to use' are common, low-specificity requests that can overlap with routine brainstorming. In this skill, that ambiguity is riskier because the workflow may generate structured scripts, calendars, and assignments tied to prior data-driven steps, causing overreach beyond the user's intended scope.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal