Back to skill

Security audit

抖音下载+语义分段

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the Douyin download and transcription work it advertises, but users should review it because it under-discloses transcript sharing with MiniMax.

Review before installing. Use it only for videos whose audio and transcript you are comfortable sending to external services. Set SILI_FLOW_API_KEY only when you want Silicon Flow transcription, and unset MINIMAX_API_KEY or use --no-segment if you do not want transcript text sent to MiniMax.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill’s stated purpose is downloading Douyin videos and extracting copy, but the implementation sends extracted audio and transcript text to third-party AI APIs for transcription and semantic segmentation. This is a real security/privacy issue because user content is transmitted off-host to external services without being clearly disclosed in the skill description, which can expose sensitive media or text and create data-handling/compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation states that the skill downloads videos to disk and sends audio content to Silicon Flow for transcription, but it does not clearly warn users about local file writes or third-party data transmission. This is dangerous because users may unknowingly process copyrighted, sensitive, or personal media and disclose its contents to an external service without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
douyin.js:143