Douyin Search

Security checks across malware telemetry and agentic risk

Overview

The skill is a mostly coherent Douyin search helper, but it can automatically reuse a broader OpenClaw browser profile and saved session state without clear opt-in.

Install only if you are comfortable with Douyin browser automation and local saved login state. Before using it, remove or disable the hard-coded OpenClaw profile fallback, or ensure it only uses the dedicated `.browser-profile/` you explicitly created for this skill. Do not share or commit the browser profile directory because it may contain session cookies.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill clearly performs network actions via a search script, direct curl requests to Douyin endpoints, and browser navigation, yet the metadata declares no corresponding permissions or capability disclosure. This creates a transparency and policy-enforcement gap: users and orchestrators cannot accurately assess what the skill will access, and security controls may fail open or make incorrect trust decisions.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: The documented purpose is simple Douyin search, but the behavior extends to opening a headed login flow, persisting authentication state, and potentially reusing an external browser profile with existing cookies. That mismatch is dangerous because a user or agent may invoke a low-risk search skill without realizing it can touch authenticated session material, expanding the privacy and account-risk surface well beyond search.

Context-Inappropriate Capability

Medium

Confidence: 98% confidence
Finding: The script hard-codes an external browser profile path (`/root/.openclaw/browser/openclaw/user-data`) and later reuses it for Douyin searches. That can silently consume cookies, session tokens, and browsing state from an unrelated application, creating cross-skill credential reuse and unauthorized access to accounts the user did not explicitly consent to use.

Context-Inappropriate Capability

Medium

Confidence: 99% confidence
Finding: The fallback search flow automatically checks for the OpenClaw profile and uses it if present, even though the skill's stated purpose is only Douyin search. This behavior broadens access beyond the skill boundary and may allow the script to act under another application's authenticated browser identity without user awareness.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README explicitly states that browser state is saved in `.browser-profile/` for reuse, which likely includes session cookies or authentication tokens. Storing persistent login state is not inherently malicious, but documenting it without warning users about the sensitivity of that data or recommending protections increases the risk of local credential theft, accidental commit, or unsafe sharing of the profile directory.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill instructs use of a persistent browser profile that stores cookies and login state, but the privacy implications are not prominently disclosed before use. Persistent session storage can expose authenticated state to other tools, users, or future runs if the environment is shared or compromised, especially when the skill encourages long-lived login reuse.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The code is designed to access a persistent external browser profile but does not clearly disclose that saved login/session artifacts may be read and reused. In a skill context, that omission undermines informed consent and can expose private authenticated state to automation unexpectedly.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list includes broad phrases such as '搜索一下', '抖音上的', and '帮我找抖音' that can plausibly appear in ordinary conversation, increasing the chance the skill is invoked when the user did not explicitly intend to use it. Because this skill performs external Douyin searching and may rely on a persistent logged-in browser profile, unintended invocation can lead to unnecessary network actions, privacy exposure, or confusing agent behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal