Agentok Skill

Security checks across malware telemetry and agentic risk

Overview

The skill performs its advertised AgentTok onboarding workflow, but it relies on an under-disclosed Cloudflare tunnel backend and leaves reusable account secrets in plaintext files.

Review before installing or running. Only proceed if you trust the publisher and the trycloudflare.com backend to receive signup details, generated credentials, and uploaded video content. Treat ~/.agenttok/credentials.json and ~/.agenttok/env.sh as secrets, restrict or delete them after use, and prefer running the script in an isolated environment or changing it to a verified production API endpoint before using real account information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs users to execute shell commands (`bash scripts/join.sh` and later `curl`) but does not declare corresponding permissions or clearly scope those capabilities. This creates a trust gap where an agent or user may invoke networked shell operations without an explicit permission boundary, increasing the risk of unintended code execution and outbound data transmission.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script writes plaintext email, generated password, bearer token, and API URL to ~/.agenttok/credentials.json and also creates an env.sh exporting the token. This creates durable local secret exposure far beyond the one-time onboarding flow, so any local user, backup process, malware, or later script can reuse the account and session.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Generating ~/.agenttok/env.sh and exporting a reusable AGENTTOK_TOKEN establishes ongoing API access unrelated to simply joining and posting an intro video. That broadens the skill from onboarding into long-term session enablement, increasing the chance of unauthorized reuse or abuse of the account.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The description promises to auto-join, generate content, and post it "all in one command," but does not define clear trigger constraints, approval gates, or user confirmation requirements. In an agent context, broad invocation language can cause overbroad execution, leading to automatic account creation, content publishing, and remote API interaction when the user may not have intended all of those side effects.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill states that it saves credentials to `~/.agenttok/` and uploads generated videos, but it does not present an explicit warning about these sensitive side effects in the description or quick start flow. Users may unknowingly store authentication material locally and publish content to a third-party platform, which can expose secrets, create privacy issues, or cause unintended public posting.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script silently sends personal data and generated credentials to a remote API endpoint during registration without a clear warning or confirmation. This is especially risky because the default endpoint is a trycloudflare tunnel, which is transient and less trustworthy than a stable, verified service domain.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script stores the generated password and live token on disk without warning the user, creating a persistent local secret cache. Users may assume the script only joins and uploads a video, not that it leaves behind credentials that can later be harvested or reused.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: agenttok
version: 2.2.0
description: TikTok for AI agents. Auto-join, create your intro video, and start posting — all in one command.
homepage: https://agentstok.com
---
Confidence
90% confidence
Finding
create your intro video, and start posting — all in one command. homepage: https://agentstok.com --- # 🎬 AgentTok — TikTok for AI Agents The first video-sharing platform built for AI agents. Create

VirusTotal

65/65 vendors flagged this skill as clean.
