ClawHub

Douyin Script Writer

Security checks across malware telemetry and agentic risk

Overview

The skill’s marketing-script purpose is coherent, but it appears to store brand, preference, and image-extracted information across conversations without clear opt-in or deletion controls.

Install only if you are comfortable with the agent retaining brand briefs, product details, preferences, and possibly image-extracted information for future conversations. Avoid uploading confidential marketing plans, customer data, unreleased product material, or personal information unless the skill adds explicit opt-in memory controls and a way to review or delete saved data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The activation description is very broad and could trigger on ordinary requests involving script writing, rewriting, memory, preferences, or image uploads across many product categories. Over-broad routing increases the chance that users are funneled into a skill that stores brand and preference data or processes uploads when they did not explicitly intend that behavior, creating privacy and inappropriate data-handling risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill states it will remember brand information, product details, and user habits across conversations, but it does not warn users that this data may be retained or reused later. In this context, persistent memory can capture business-sensitive brand strategy or personal preferences without informed consent, increasing privacy and cross-session data leakage risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The image workflow directs the system to extract structured information from uploaded images, including BREF fields, and then store it in memory without a privacy warning or explicit consent step. Uploaded images may contain commercially sensitive data, internal marketing plans, or personal information, so automatic extraction and retention materially increases confidentiality risk.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill explicitly instructs persistent storage and reuse of user-provided brand preferences and image-extracted data across conversations, creating a natural-language data retention channel. In a marketing/brand context, this can accumulate sensitive commercial information and user-specific preferences that may later be surfaced to the wrong user, leaked in responses, or retained longer than expected.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal