ClawHub

douyin-keyword-search

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Douyin search-scraping skill with expected browser automation, but users should install it in an isolated environment and avoid using a sensitive personal login.

Install and run this in a virtual environment or disposable workspace, review the Playwright/Chromium installation before approving it, and use a dedicated Douyin account or isolated browser session rather than a sensitive personal account. Delete any debug_screenshot.png after failed runs if it shows private or account-linked content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
def install_dependencies():
    """安装依赖"""
    print("正在安装 Playwright...")
    os.system(f'"{sys.executable}" -m pip install playwright')
    os.system(f'"{sys.executable}" -m playwright install chromium')
    print("依赖安装完成,请重新运行脚本")
    sys.exit(0)
Confidence
93% confidence
Finding
os.system(f'"{sys.executable}" -m pip install playwright')

os.system() or os exec-family call

High
Category
Dangerous Code Execution
Content
"""安装依赖"""
    print("正在安装 Playwright...")
    os.system(f'"{sys.executable}" -m pip install playwright')
    os.system(f'"{sys.executable}" -m playwright install chromium')
    print("依赖安装完成,请重新运行脚本")
    sys.exit(0)
Confidence
93% confidence
Finding
os.system(f'"{sys.executable}" -m playwright install chromium')

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation encourages browser automation against Douyin while noting that login may be required, but it does not warn users that running the skill in a logged-in browser context can expose session cookies, account state, personalized data, or other authenticated content to the automation workflow. In an agent/skill setting, that omission is security-relevant because users may unknowingly grant the tool access to their live account context and sensitive browsing data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal