Security audit

Douyin NLP Search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed mock Douyin search helper with broad trigger wording, but it does not show hidden data access, persistence, credential use, or destructive behavior.

Install only if you understand that the current results are mock examples, not verified live Douyin data. Use it for parsing/demo workflows, and require explicit confirmation plus a real, scoped data source before enabling browser automation, API keys, account sessions, or actual scraping.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is presented as a Douyin search/scraping tool, but the core implementation only returns hardcoded sample data and synthetic URLs. This is dangerous because downstream agents or users may trust fabricated results as real external data, leading to misinformation, bad decisions, or unsafe automation based on nonexistent search results.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The documentation and CLI framing describe this as an actual Douyin search tool, while the implementation itself states it is only a simulated mock. This mismatch can mislead operators, agents, or integrators into believing they are interacting with live data, which creates integrity and trust issues in agent workflows.

Vague Triggers

Medium
Confidence: 89%
Finding
The README states the skill will automatically trigger for broadly defined Douyin search requests without documenting boundaries, exclusions, or confirmation requirements. In an agent environment, overly broad auto-activation can cause unintended tool invocation, data access, or scraping behavior when the user did not explicitly consent to using this specific skill.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases are broad enough to match many ordinary search-related requests, causing the skill to activate outside a clearly bounded Douyin-specific context. Overbroad activation can route unrelated user queries to a scraping-oriented skill, increasing the chance of unintended data access, incorrect tool use, or policy bypass through mis-selection.

Vague Triggers

Medium
Confidence: 90%
Finding
The execution flow relies on common keywords such as '搜索', '找', and '视频', which are too generic to safely determine when this skill should run. Ambiguous activation logic increases the risk of accidental invocation and inappropriate handling of user requests in contexts unrelated to Douyin scraping.

Vague Triggers

Medium
Confidence: 90%
Finding
The example triggers are very broad natural-language phrases like common user search requests, which increases the chance that the skill activates in situations where a user is making a generic request rather than explicitly invoking this tool. In an agent environment, this can cause over-triggering and unnecessary scraping or data access, especially because the examples cover many everyday content-discovery intents without clear boundaries or explicit opt-in.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.