Douyin To Photos

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it helps save selected Douyin videos to Photos, but users should understand that selected links are sent to resolver services.

Install only if you are comfortable sending the Douyin links you choose to tikwm.com or another resolver endpoint you configure. Leave the fallback API blank unless you trust it, keep Photos permission add-only, and use the shortcut only for content you are allowed to download and store.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The guide claims a minimal-permission/privacy-safe posture in its compliance section, but the workflow also reads from the clipboard and sends user-supplied Douyin links to third-party resolver APIs. This mismatch can mislead users about the actual data flows and consent surface, increasing privacy risk and reducing informed consent.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The workflow saves downloaded media directly into the Photos app without any explicit user-facing warning or confirmation step in the logic shown. This can cause unintended persistence of downloaded content in a sensitive personal library, especially if triggered from broad inputs or automation hooks like Share Sheet or Back Tap.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The shortcut sends user-provided Douyin share URLs to an external third-party API for resolution, but the manifest contains no privacy disclosure, consent gate, or trust boundary explanation. Shared URLs may contain personal, tracking, or private content references, so transmitting them off-device creates a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The manifest explicitly sends user-supplied Douyin links to third-party API providers and saves retrieved media to Photos, but it does not declare an explicit in-workflow user warning or consent step for these external transmissions and device-side actions. In this skill context, the network behavior is expected, but the absence of clear user-facing disclosure increases privacy and trust risk because shared links may contain identifiers or reveal viewing intent to external services.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The shortcut is designed to transmit shared Douyin URLs to third-party parsing services and then fetch the returned video URL, but the documentation does not clearly warn users that their links and related metadata may be exposed to external operators. In this skill context, that omission is more significant because the core function depends on third-party network services, making data egress inherent rather than incidental.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends the user-supplied Douyin share URL to a third-party API provider to resolve a no-watermark video URL, but there is no built-in disclosure, consent prompt, or trust boundary enforcement in the script itself. This creates a real privacy issue because share links can reveal user interests or private content references, and the skill’s purpose explicitly depends on transmitting that data off-device to external services.

External Transmission

Medium
Category
Data Exfiltration
Content
  local share_url="$2"
  local timeout_sec="$3"

  curl -fsS --max-time "$timeout_sec" \
    -X POST "$api_url" \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode "url=$share_url" \
Confidence
89% confidence
Finding
curl -fsS --max-time "$timeout_sec" \
  -X POST "$api_url" \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode "url=$share_url" \
  --data "hd=1" \
  --data "count=

VirusTotal

64/64 vendors flagged this skill as clean.
