Back to skill

Security audit

TikTok Hotspot Monitor

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its TikTok analytics purpose, but it stores reusable TikTok login session data and includes under-disclosed video download capability, so users should review it before installing.

Install only if you are comfortable with TikTok crawling through Apify or a logged-in Playwright browser. Prefer Apify mode or a dedicated low-privilege TikTok account, keep data/tiktok_session.json out of version control, delete it when not needed, and review the included video-downloader script before allowing agents to run arbitrary scripts from this package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The script explicitly saves TikTok authenticated browser session state, including cookies and related storage, to a persistent JSON file on disk. That creates a reusable credential artifact which could be stolen, copied, or misused to access the account outside the intended login flow, and this persistence is broader than what is needed for simple report generation.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code captures full authenticated browser state after manual login and writes it to disk, enabling later authenticated access without re-authentication. In an analytics skill, retaining long-lived account session material expands the blast radius of local compromise and creates unnecessary exposure of sensitive cookies beyond the stated hotspot-monitoring purpose.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README instructs users to save and reuse a TikTok login session for Playwright automation, but it does not warn that session state may contain authentication tokens/cookies equivalent to account access. In an agent-skill context, this is riskier because users may automate storage and reuse of sensitive browser state without understanding that leakage of the session file could enable account compromise or privacy exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The adapter performs live TikTok searches using a persisted authenticated session from disk, which means tool invocations may act as a logged-in user without an explicit consent prompt, scope restriction, or clear operator-facing warning. In an MCP/tooling context, this increases the risk of unintended account-backed requests, privacy exposure, and misuse of stored session state if the tool is called automatically or by an untrusted workflow.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill metadata and description do not clearly warn users that running the skill sends TikTok search terms and related crawl inputs to external services such as Apify or through browser automation. This can mislead users about data flows, consent, and operational risk, especially in environments that restrict third-party data transmission or automated scraping.

Unpinned Dependencies

Low
Category
Supply Chain
Content
apify-client>=1.0.0
playwright>=1.40.0
Confidence
95% confidence
Finding
apify-client>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
apify-client>=1.0.0
playwright>=1.40.0
Confidence
95% confidence
Finding
playwright>=1.40.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.