ClawHub

Douyin Influencer Outreach

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it automates outbound promotional DMs, broad recipient targeting, and local storage of recipient data without clear safeguards.

Install only if you intend to run a compliant outreach workflow and can enforce your own safeguards: review every message before sending, avoid unsolicited bulk DMs, confirm platform-policy compliance, disable or purge local recipient logs where possible, and pin/update the OpenClaw dependency before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The helper templates are explicitly written to send unsolicited promotional group-buying messages ('团购群', '拉你进群') rather than the declared influencer-collaboration outreach. This indicates the skill is designed for spam or deceptive marketing automation, which can violate platform policies, mislead recipients, and be used at scale when combined with the automated DM functions.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The strategy logic targets broad categories like commenters, 'female/young' users, and unknown users rather than verified influencers matching the stated criteria. This broadens the automation from scoped influencer outreach into generalized consumer targeting, increasing the risk of mass unsolicited messaging and inappropriate profiling.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The function advertises support for a minimum works-count filter but never applies it, creating a mismatch between documented behavior and actual targeting. This can cause the automation to contact accounts outside intended bounds, undermining operator expectations and increasing abusive or noncompliant outreach.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill stores third-party profile data, unique identifiers, message content, timestamps, and metadata in a local CSV without any explicit notice, consent workflow, retention policy, or minimization controls. This creates privacy and compliance risk because sensitive outreach records can persist indefinitely and be exposed to other local processes, backups, or later misuse.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The examples explicitly automate personalized DM sending at scale, include anti-detection pacing guidance ('避免风控'), and record recipient profile attributes and outreach status without any privacy notice, consent standard, or data-handling constraints. In this skill context, that makes the capability more dangerous because it operationalizes spam/phishing-like outreach and third-party profiling, increasing risk of platform abuse, privacy harm, and non-compliant data collection.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file generates scripts to automatically populate a contenteditable field and send messages by simulating Enter, with no confirmation, preview, or user-consent gate in this code path. In the context of outreach automation, this materially increases the risk of large-scale spam, accidental sends, and policy-violating messaging without operator review.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The manifest explicitly describes searching influencers, browsing their content, and sending personalized DMs, but provides no warning that the skill will contact external parties or may process personal/profile data. In an outreach automation skill, this omission increases the risk of undisclosed messaging, privacy issues, and spam-like behavior because users may not realize the tool performs real outbound communications.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"openclaw": ">=2026.4.0"
  },
  "dependencies": {
    "openclaw": "*"
  }
}
Confidence
96% confidence
Finding
"openclaw": "*"

Known Vulnerable Dependency: openclaw — 10 advisory(ies): CVE-2026-32064 (OpenClaw's andbox browser noVNC observer lacked VNC authentication); CVE-2026-32006 (OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallbac); CVE-2026-41913 (OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret r) +7 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
openclaw

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal