Douyin Viral Hits Scraper (抖音爆款爬虫)

Security checks across malware telemetry and agentic risk

Overview

Review before installing: the skill is framed as a Douyin scraper, but its Python and Node scripts return synthetic placeholder video data instead of real scraped results.

Install only if you understand it is currently closer to a Playwright/demo scaffold than a trustworthy Douyin data scraper. Do not rely on its returned video metrics or hot-list data as real Douyin evidence unless the implementation is changed to extract actual page data and clearly marks mock versus live results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to use shell commands, access environment-dependent tooling, and write output files, but it declares no permissions. This creates a trust and policy gap: an orchestrator may expose capabilities the user did not explicitly approve, increasing the chance of unintended command execution or filesystem writes.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill advertises Douyin scraping but the implementation returns fabricated placeholder records instead of extracted site data. This is dangerous because downstream agents or users may trust the output as real scraped intelligence and make decisions based on false data, creating integrity and provenance risks.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The comment and surrounding flow imply the code is collecting live page/video data, but it only emits sample data. Misleading implementation details increase the chance that operators, agents, or integrators will rely on non-existent scraping behavior and trust inaccurate outputs.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The hot-list retrieval path is presented as fetching Douyin hot-list data but instead synthesizes fake entries. In a scraping skill, this context makes the issue more dangerous because the core promised capability is data collection, so fabricated results directly undermine trust and can mislead automation pipelines.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill advertises Douyin scraping but actually returns fabricated mock data after merely opening a page, which is a security-relevant integrity issue. Users or downstream agents may trust the output as real scraped data and make decisions based on false information, while the silent fallback hides the deception and makes detection harder.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The browser helper implies operational scraping support, but it only checks whether a page can be opened and then silently falls back to synthetic results without surfacing that no extraction occurred. In an agent skill, this can mislead automation into treating fake output as externally sourced evidence, creating integrity and trust-boundary problems.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The natural-language examples are broad enough that ordinary conversation could be interpreted as a command to run the scraper. In an agent setting, ambiguous triggers can cause unintended shell execution, network access, or data export without clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The extraction rules rely on common conversational phrases like '搜索一下' and '帮我找' without a strict trigger boundary. That makes accidental invocation more likely and may transform benign user text into executable parameters, especially when combined with shell-based workflow instructions.

VirusTotal

65/65 vendors flagged this skill as clean.
