Downloader tiktok videos

Security checks across malware telemetry and agentic risk

Overview

This is a transparent TikTok downloader, but it reaches into browser-session cookies and host-level installs beyond a simple public-video download workflow.

Install only if you are comfortable with a local yt-dlp-based downloader that can run shell commands, write media files, and may ask for system package installation. Use an isolated environment, avoid --break-system-packages on a main system, and do not use browser cookies or cookies.txt unless you understand they can act like account passwords. Require explicit approval before installs, authenticated downloads, proxies, or geo-bypass.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs the agent to execute shell commands such as pip installs, apt-get, ls, and yt-dlp downloads, but no permissions are declared. This creates a mismatch between the skill's documented capabilities and its declared security model, increasing the risk of silent command execution without appropriate review or sandboxing.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill is scoped to downloading from public TikTok accounts, but it documents authenticated-download methods and browser cookie extraction. That expands capability into accessing non-public or account-scoped content and normalizes handling live session material, which increases the chance of credential/session misuse or overcollection by downstream agents.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The proxy and geo-bypass guidance is not necessary for the stated purpose of downloading public TikTok content and can facilitate policy evasion, regional restriction circumvention, and concealment of traffic origin. In an agent skill, this broadens operational behavior beyond ordinary user intent and can be misused to bypass safeguards or platform controls.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation guidance is overly broad, triggering on general mentions of TikTok, scraping, metadata retrieval, or archiving. This can cause the skill to be invoked in contexts where the user did not clearly request downloading or shell execution, increasing the chance of unintended actions and data handling.

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
|-------|-------|-----|
| `HTTP Error 403` | TikTok rate limiting | Add `--sleep-interval 3 --max-sleep-interval 6` |
| `Unable to extract` | Outdated yt-dlp | `pip install -U yt-dlp --break-system-packages` |
| `Private account` | Private account | Use `--cookies-from-browser chrome` if logged in ⚠️ exports session cookies — keep them private |
| `No video formats` | Geo-restriction | Add `--geo-bypass` |
| `Sign in required` | Restricted content | Provide cookies via `--cookies cookies.txt` ⚠️ treat this file like a password |
| `Merge requires ffmpeg` | ffmpeg missing | `apt-get install ffmpeg -y` |
Confidence
88% confidence
Finding
cookies-from-browser chrome

VirusTotal

64/64 vendors flagged this skill as clean.
