
Security audit

myskill

Security checks across malware telemetry and agentic risk

Overview

The skill mostly fetches public Douyin trend data, but it also includes under-disclosed Telegram handoff behavior and an unsafe helper command path that need review before installation.

Install only after reviewing the Node scripts. Use the documented scripts/douyin.js hot command for simple trend retrieval, avoid or patch scripts/get-hot-trend.js unless the limit is strictly validated, and do not enable any Telegram or cron workflow unless the destination is removed or explicitly configured by you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The skill metadata and documentation describe a simple data-fetching utility for Douyin hot trends, but the finding indicates additional undeclared behaviors: formatting content for Telegram, embedding a fixed chat_id/channel, preparing scheduled message delivery, and writing multiple local output/debug files. Hidden outbound messaging and persistence behavior materially expand the trust boundary and can enable unauthorized exfiltration, spam, or covert automation beyond the user's stated intent.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The file behavior materially exceeds the declared skill purpose. Instead of only fetching and outputting Douyin hot-trend data, it prepares Telegram delivery artifacts and is framed as a direct Telegram integration, which creates an undisclosed outbound messaging capability that users and reviewers may not expect.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
This section formats content specifically for Telegram, including Markdown links and push-style messaging, despite the stated purpose being data retrieval. In an agent-skill context, hidden communication features increase the risk of covert data exfiltration or unauthorized message delivery, even if the current payload is only trending data.

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The script hard-codes a Telegram chat ID and writes Telegram-ready output files, enabling delivery to a fixed external recipient without user control. In a skill ecosystem, a hidden, fixed destination is especially dangerous because it can be repurposed for unauthorized notifications or exfiltration with minimal code changes.

VirusTotal

65/65 vendors flagged this skill as clean.
