ClawHub

Douyin Hot Scraper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Douyin hot-list and search scraper; the main risk is that broad natural-language triggers could run network searches sooner than some users expect.

Install only if you are comfortable with the agent querying Douyin and sending your search terms to Douyin. Use explicit Douyin-related requests, avoid sensitive keywords, and choose output file paths deliberately when saving results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to 'directly invoke' on broad natural-language search intent, with examples that cover generic phrases like '帮我搜一下美食' and '看看抖音热榜' but no boundary checks, confirmation rules, or disambiguation requirements. This can cause overbroad automatic execution of a networked scraper, leading to unintended external requests, surprise automation, or invocation when the user was only asking informationally rather than authorizing an action. The risk is higher here because the skill performs live scraping/browser automation rather than a harmless local transformation.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The description claims the skill supports natural-language requests but does not define clear trigger boundaries or constrained intents, which can cause the agent to invoke the skill for loosely related user input. In an agent setting, overly broad activation increases the chance of unintended scraping actions, privacy issues, or execution in contexts the user did not explicitly authorize.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal