Back to skill

Security audit

Keyapi Tiktok

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed TikTok analytics API skill, with expected risks around storing a KeyAPI token locally and sending chosen files or queries to KeyAPI.

Install only if you are comfortable using KeyAPI for TikTok research. Treat the KeyAPI token as sensitive, review the shell-profile managed block created by setup, and only use file upload or raw-output options for data you intend to transmit or save.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script reads KEYAPI_TOKEN not only from the current process environment but also by opening the user's shell profile and extracting a managed block. That is broader host-file access than is necessary for making an API request and creates an unnecessary path for harvesting secrets from local configuration files. In the context of an API client skill, this increases trust requirements and expands the blast radius if the skill is modified or reused maliciously.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script persists the API token in plaintext inside shell startup files such as .zshrc, .bashrc, .profile, or PowerShell profile scripts. This increases the chance of credential exposure through backups, dotfile syncing, local disclosure, accidental sharing, or other processes and users with access to the account's files.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script can print full API responses to stdout and optionally write complete JSON results to an arbitrary local file, with no warning about potential sensitive contents. API responses in this skill may include creator, commerce, audience, or account-linked data, so indiscriminate logging can expose sensitive information to terminal history, orchestration logs, or unintended files.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script reads arbitrary local files via --body-file, --query-file, and especially --image-file, then incorporates their contents into requests sent to a remote API. That creates a local-file-to-network exfiltration path, and the risk is heightened because this is an agent skill that may be driven by untrusted prompts or indirect user input.

VirusTotal

53/53 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.secret_argv_exposure

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/keyapi-api.mjs:127

Instructions pass high-value credentials through process argv.

Critical
Code
suspicious.secret_argv_exposure
Location
references/setup-and-auth.md:56