抖音搜索爬虫

Security checks across malware telemetry and agentic risk

Overview

This Douyin scraping skill appears purpose-aligned, but it needs review because it can run shell-based scraping and write exported data with loose activation and output controls.

Review before installing. Use it only for Douyin scraping you are authorized to perform, avoid collecting unnecessary personal data, and direct exports to a dedicated folder. Be careful with output filenames and do not allow it to overwrite shell profiles, credentials, project configuration, or other important local files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill instructs the agent to invoke shell commands and write output files, but the manifest does not declare any permissions for shell, environment access, or file writes. This creates a permission mismatch where an agent or platform may grant more capability than users expect, reducing transparency and weakening security review around command execution and data export.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The README explicitly encourages scraping and exporting Douyin video metadata and text to local files, but it does not clearly warn users about privacy, consent, retention, or downstream handling risks for scraped content. In a scraping skill, this omission increases the chance that users will collect and store personal or platform-derived data without understanding legal, privacy, or policy implications.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The description says the agent can trigger the scraper from natural-language requests and automatically map them to commands, but it does not define tight boundaries for when activation is allowed. Overly broad triggering can cause unintended command execution from casual mentions of Douyin-related topics, especially because the mapped action reaches the shell and may write files.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation rule 'when the user makes Douyin-related requests' is ambiguous and includes examples that are broad enough to match many ordinary conversational requests. In this skill's context, ambiguous routing is more dangerous because the resulting action performs external scraping via shell commands and can save data to disk, expanding the effect of a mistaken invocation.

Missing User Warnings

Low

Confidence: 78% confidence
Finding: The script writes to an arbitrary user-supplied filepath with fs.writeFileSync and no path restrictions, confirmation, or safe-directory enforcement. In an agent context, a natural-language-triggered skill could be induced to overwrite sensitive local files, shell profiles, configs, or workspace artifacts if an attacker can influence the output filename argument.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal