ClawHub

douyin-download

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its Douyin download and transcription purpose, but it can send transcripts to MiniMax using an undeclared API key while the user docs say segmentation uses OpenClaw's built-in LLM.

Review before installing if you may process private, confidential, regulated, or copyrighted videos. Use --no-segment or remove MINIMAX_API_KEY to avoid sending transcript text to MiniMax, and only use extraction for audio you are comfortable sending to SiliconFlow. The maintainer should document MiniMax, curl, exact output paths, and remote data flows before this should be treated as fully transparent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no permissions, but its documented behavior clearly uses environment variables and shell-executable tooling such as ffmpeg. This creates a transparency and consent problem: operators may run the skill without understanding that it accesses secrets and invokes local executables, which increases the risk of unintended data exposure or unsafe execution in sensitive environments.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The description frames the skill as a Douyin downloader/transcript extractor, but the actual behavior also includes third-party data transmission, local media processing, LLM-based post-processing, and writing Markdown outputs. This mismatch is dangerous because users may provide media or credentials without realizing content is uploaded to external services and persisted locally, leading to privacy, compliance, and secret-handling risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation instructs users to download videos and extract transcripts while sending audio to an external ASR provider, but it does not clearly warn about network exfiltration or local file creation. In practice, users may process private or copyrighted content assuming everything stays local, when the skill may upload derived audio/text and write artifacts to disk without explicit notice.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The transcription function uploads extracted audio to a third-party API, which can expose user content, voices, and potentially sensitive spoken data without an explicit runtime warning or consent checkpoint. In a downloader/extractor skill, silent external transmission materially changes the privacy risk because users may assume processing is local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The semantic segmentation step sends transcript text to MiniMax without an explicit warning that recognized content is being forwarded to another external provider. This can leak personal, copyrighted, or confidential transcript data beyond the original download scope, increasing third-party exposure.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal