ClawHub

抖音爆款爬虫

Security checks across malware telemetry and agentic risk

Overview

This Douyin scraping skill is mostly purpose-aligned, but it should be reviewed because it encourages using a real logged-in browser profile and can return fabricated results as if they were scraped data.

Install only if you are comfortable with browser automation against Douyin. Prefer an isolated browser profile, do not reuse your main logged-in session unless you explicitly intend to, and treat script results as demo/mock data unless you verify that real page extraction was implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The function claims to search Douyin content but returns fabricated placeholder records derived from the user keyword rather than data actually extracted from the site. This is dangerous because downstream users or agents may treat the output as real intelligence, causing integrity failures, bad decisions, or silent data poisoning in automation pipelines.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The hot-list path similarly fabricates synthetic "热榜视频" entries instead of collecting actual Douyin hot-ranking results. In a scraping skill, presenting mock results as real data undermines trust and can mislead analytics, reporting, or automated decision-making that depends on authenticity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly recommends reusing the user's logged-in browser profile (`profile="user"`) to bypass Douyin anti-bot checks, but it does not warn that this exposes the user's authenticated session, cookies, account data, and potentially private content to the automation context. In an agent setting, instructing session reuse for scraping a third-party site materially increases the chance of unintended access to personal data or account actions, especially because the skill is designed to operate through browser automation on behalf of the user.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The activation phrases are broad everyday-language requests such as '搜索一下海鲜视频' and '看看抖音热榜有什么', making accidental triggering plausible during normal conversation. Because the skill can open websites, reuse login state, and run scripts, unintended activation could lead to privacy exposure or unapproved actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill recommends `profile="user"` to reuse the user's logged-in browser session but does not clearly warn that this may expose account-scoped data, cookies, search history, and other authenticated content to the automation flow. In this context, using a real logged-in Douyin session materially raises privacy and account-risk concerns, especially when combined with automated browsing and scraping behavior.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger examples are very broad, everyday Chinese requests such as '搜索一下海鲜视频' and '抖音上最近什么最火', which can overlap with normal user conversation and cause the skill to be invoked unintentionally. In a skill that performs browser automation or scraping, unclear invocation boundaries increase the risk of unexpected external actions, data collection, or policy-violating scraping without explicit user intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal