ClawHub

抖音爆款爬虫

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a disclosed Douyin scraping tool, but its main scripts can return fabricated results while presenting them as scraped data.

Install only if you are comfortable with a Douyin automation tool that may output simulated data. Treat its JSON/CSV results as examples unless you verify that real page extraction has been implemented, and prefer explicit user confirmation before running searches or hot-list collection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill advertises scraping Douyin search results, but the core collection path fabricates example records after visiting the site instead of extracting real content. This is dangerous because downstream agents or users may trust the output as authentic data and make decisions, reports, or automations based on false information, creating integrity and supply-chain risk.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The hot-list function similarly returns fabricated ranking data rather than actual Douyin hot-list results, despite presenting itself as a live scraper. In skill context this is more dangerous because the tool is explicitly marketed for collecting trending content, so consumers are likely to assume the data is real and timely.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The description and examples use broad natural-language triggers like '搜索一下海鲜视频' and '看看抖音热榜' without clear boundaries for when the skill should activate. Broad trigger matching can cause the agent to invoke the scraper unexpectedly on loosely related user input, leading to unintended browsing, scraping, or file generation. Because the skill can launch scripts and browser automation, overbroad activation is more dangerous than a purely informational skill.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The guidance explicitly says that when the agent receives a natural-language request, it should call 'nl_search.py' directly. This encourages unconditional execution for user phrasing that resembles a search, without validation, scope checks, or confirmation. In an agent environment, that can turn ambiguous conversation into shell execution and automated web activity, increasing the risk of misuse, prompt-triggered actions, and unintended external interaction.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal