Download-video-tiktok

Security checks across malware telemetry and agentic risk

Overview

This TikTok downloader does what it claims, but it also gives the agent authority beyond its stated scope, namely to install packages and use browser cookies, so users should review it before installing.

Install only if you intentionally want an agent to run yt-dlp for TikTok and save media locally. Avoid the browser-cookie and exported-cookie workflows unless you explicitly approve authenticated account access, and use a controlled environment where dependency installation is pinned or handled separately rather than letting the skill modify system Python packages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
        return True
    except FileNotFoundError:
        print("❌ yt-dlp non trouvé. Installation...")
        # Installs into the host's Python environment; --break-system-packages
        # overrides the PEP 668 guard that protects distro-managed site-packages.
        subprocess.run([sys.executable, "-m", "pip", "install", "-U", "yt-dlp",
                        "--break-system-packages"], check=False)
        return True
Confidence
97% confidence
Finding
subprocess.run([sys.executable, "-m", "pip", "install", "-U", "yt-dlp", "--break-system-packages"], check=False)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The documentation directs package and system-level installation actions that go beyond simply downloading TikTok media, including Python package upgrades with --break-system-packages and potential system modification. In an agent context, this broadens the blast radius from content retrieval to host alteration and supply-chain exposure.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill explicitly recommends using browser-extracted cookies or cookie files to access private or restricted TikTok content, which exceeds the stated public-account use case. This can facilitate unauthorized access to authenticated content and expose sensitive session material from the user's browser or local files.

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The skill's manifest describes TikTok retrieval, but the code also performs package installation and upgrade operations. That hidden capability changes system state and introduces unnecessary supply-chain exposure beyond the user's expected scope of action.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Environment-modifying package installation is not justified by the skill's stated purpose and can alter shared Python environments, especially with --break-system-packages. In an agent setting, this is more dangerous because a simple media-download request can unexpectedly trigger host changes and broaden the blast radius of a compromise.

Vague Triggers

High
Confidence
91% confidence
Finding
The activation description is overly broad and triggers on nearly any mention of TikTok, including generic requests about scraping, archiving, metadata, or downloads. Over-broad invocation increases the chance the agent runs powerful shell/network actions in contexts where the user did not clearly request them, raising misuse and consent risks.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill gives step-by-step instructions to extract and reuse authenticated TikTok browser cookies, but does not warn that these cookies are equivalent to active session credentials. In this context, the omission materially increases the risk of account/session compromise, unauthorized access, and insecure storage or sharing of authentication material.

VirusTotal

65/65 vendors flagged this skill as clean.
