ClawHub

douyin-publisher

Security checks across malware telemetry and agentic risk

Overview

This skill transparently automates posting a user-confirmed video to Douyin, with real account side effects that users should control carefully.

Install only if you want OpenClaw to operate a Douyin creator account through a saved browser session. Confirm the exact video, title, description, and tags before publishing, use trusted local files or trusted URLs only, and remove the saved browser profile if you no longer want the Douyin session retained locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill explicitly instructs the agent to run a Playwright-based publishing script against Douyin's creator platform, which requires network access, yet the manifest does not declare any corresponding permission. This creates a permission-model mismatch that can lead to undeclared outbound access and reduces the user's ability to understand or constrain what the skill will do.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The script downloads arbitrary remote URLs to local storage using urllib.request.urlretrieve with no allowlist, size limit, content-type validation, or network restrictions. In an agent context, this can be abused for SSRF-like access to internal resources, unexpected local disk consumption, or retrieval of untrusted content from attacker-controlled endpoints before it is processed and uploaded.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrase "发布内容到抖音" is broad and semantically close to common user requests about posting content, making accidental or overly eager invocation more likely. In this skill, invocation is especially sensitive because it can open a browser session and ultimately publish content to a real social media account, so unintended activation has meaningful side effects.

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.40.0
Confidence
94% confidence
Finding
playwright>=1.40.0

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal