Tiktok Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is for TikTok publishing and mostly says so, but it uses a persistent third-party credential that can publish through connected social accounts and contains a misleading data-flow statement.

Install only if you trust Boring with delegated social-posting authority. Treat the MCP connector URL like a password, connect only accounts you intend to use, revoke or rotate the token when finished, and require explicit confirmation before any live post is created.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The skill’s Security & Data Handling section claims that analytics queries only retrieve performance metrics and that no content is uploaded or modified, yet the documented workflow explicitly uploads media and publishes TikTok posts. This creates a misleading trust boundary: users may underestimate the operational scope and grant a credentialized MCP connector believing it is read-only in some contexts when it actually has write/publish capability.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal