Douyin Viral Content Scraper v3 (抖音爆款爬虫 v3)

Security checks across malware telemetry and agentic risk

Overview

This Douyin scraping skill is not clearly malicious, but it should be reviewed because it encourages logged-in browser or cookie-based scraping while giving inconsistent safety guidance.

Install only if you are comfortable with a Douyin scraper that may make live browser requests, save scraped data locally, and may prompt workflows involving logged-in sessions or cookies. Do not provide cookie files or use a logged-in browser unless you intentionally accept the account, privacy, and platform-policy risks; treat cookies as secrets and verify whether returned data is real or mock output before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Description-Behavior Mismatch
Severity: Medium
Confidence: 82%
Finding: The document says single-video parsing is unsupported, yet later instructs users to use logged-in browser sessions or cookies to obtain real page data. That inconsistency can mislead an agent into using broader access paths than the stated feature set, increasing the chance of over-collection or unauthorized session use.

Context-Inappropriate Capability
Severity: Medium
Confidence: 94%
Finding: The skill guides use of an already logged-in browser and an external browser tool to scrape Douyin data, which introduces access to authenticated session context not justified by the core search/hot-list use case. This can expose private or account-scoped data and turns a simple scraper into a session-bearing browser automation flow.

Intent-Code Divergence
Severity: High
Confidence: 96%
Finding: The document warns users not to log in, then recommends logged-in browser sessions or cookie injection to retrieve real data. This contradiction normalizes insecure credential handling and can lead users or agents to exfiltrate or reuse session cookies despite earlier safety guidance.

Description-Behavior Mismatch
Severity: Medium
Confidence: 98%
Finding: The function advertised as scraping Douyin search results fabricates hardcoded records instead of extracting real page content. This is dangerous because downstream users may trust and act on false data, making the skill deceptive and unsuitable for any workflow that depends on accuracy or provenance.

Description-Behavior Mismatch
Severity: Medium
Confidence: 98%
Finding: The hot-list path also returns synthetic placeholder entries while presenting them as scraped trending data. This can mislead operators, poison datasets, and conceal that the scraper is non-functional, which is a trust and integrity issue.

Intent-Code Divergence
Severity: Medium
Confidence: 87%
Finding: The comments and description claim the script scrapes video metadata and copy, but the implementation uses mock data instead. While not a code-execution issue, this mismatch increases the likelihood that users will deploy the skill under false assumptions and trust fabricated output.

Missing User Warnings
Severity: Medium
Confidence: 85%
Finding: The README explicitly promotes scraping Douyin content and saving video metadata and copywriting to local files, but only gives generic compliance notes and does not meaningfully address privacy, consent, retention, or lawful handling of potentially personal data. In a scraping skill, this omission increases the risk that users collect and retain creator/account information without appropriate safeguards or policy awareness.

Vague Triggers
Severity: Medium
Confidence: 79%
Finding: The natural-language triggers are broad enough to overlap with ordinary conversation, making accidental invocation more likely. In a skill that can execute shell commands and perform web scraping, misfires can cause unintended external requests, data collection, or file generation without clear user intent.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The skill documents writing results to disk and using cookie files, but does not clearly warn that outputs may contain scraped data and that cookie files are highly sensitive credentials. This increases the risk of credential leakage, insecure storage, and accidental retention of sensitive artifacts.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The code reads a cookie file and injects those cookies directly into the Playwright browser context, which can transfer authenticated Douyin session state to the scraper without any explicit warning, validation, or safe-handling guidance. In a scraping tool, this increases the risk of accidental credential exposure, misuse of another user's session, or unsafe operational practices if users supply sensitive browser-exported cookies.

VirusTotal

65/65 vendors flagged this skill as clean.