Security audit

Byted Tos Doc Process

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Bytedance TOS document-preview helper, but it handles cloud credentials and temporary document access links that users must protect.

Install only if you need Bytedance TOS document preview/conversion. Use temporary or least-privilege TOS credentials, avoid pasting secrets into chat or shell history, treat pre-signed URLs, preview links, tokens, and decoded URLs as temporary passwords, verify any destination bucket before export, and avoid --direct-url unless you trust the exact URL being fetched.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (4)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README encourages generating and using pre-signed URLs and even shows extracting and printing full preview links and tokens, but it does not warn that these URLs are bearer secrets. Anyone who obtains a logged, shared, or pasted pre-signed URL can access the associated object or derived preview until expiry, and printing tokenized preview URLs increases the chance of accidental disclosure through terminals, logs, chat transcripts, or issue trackers.

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The guidance discusses parsing and debugging existing HTML preview links and direct URLs without warning that pre-signed preview URLs and embedded tokens are bearer secrets. If such URLs are copied into chats, logs, bug reports, or shared tooling, anyone possessing them may access the underlying preview content until expiration, creating an unintended data exposure path.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs users to supply access keys via environment variables and to generate pre-signed URLs, but it does not warn that both the credentials and the resulting URLs are sensitive. Pre-signed URLs often grant time-limited direct object access; if logged, pasted into chats, browser history, analytics, or error traces, they can expose private documents or enable unintended access until expiry.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The `--direct-url` option causes the script to perform an outbound HTTP request to an arbitrary user-supplied URL with no allowlist, scheme restriction, or warning. In an agent/skill context, this is effectively an SSRF-capable network primitive that can be abused to probe internal services, reach cloud metadata endpoints, or exfiltrate URL-embedded secrets through the runtime's network access.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.