Douyin Upload Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a coherent Douyin publishing tool, but it can send extracted video audio to a remote ASR API by default despite privacy wording that implies local-only transcription.

Install only if you are comfortable granting Douyin OAuth publishing access and storing local tokens/config. For sensitive videos, set ASR mode to whisper-cpu or whisper-gpu before running prepare; use api mode only when you intentionally trust the configured ASR provider and understand that extracted audio may leave your device. Keep auto-confirm disabled unless you specifically need unattended publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill performs sensitive actions involving environment variables, networked OAuth/API calls, and shell execution, but it does not declare any permissions or capability boundaries. This creates a transparency and policy-enforcement gap: a host agent or reviewer may underestimate the skill's access to local secrets, filesystem paths, and external services, increasing the chance of unsafe execution in a privileged context.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The README claims speech-to-text is fully local and privacy-preserving, but elsewhere documents a default third-party ASR API mode. This can mislead users into believing audio-derived content never leaves the device, causing unintended disclosure of sensitive voice or video content.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The documentation presents local whisper.cpp ASR as a core feature while also stating that the default ASR mode is a third-party API. This inconsistency creates a security-relevant mismatch between user expectations and actual behavior, especially for users relying on the tool for offline/private processing.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill description claims local speech-to-text, but this code supports an 'api' ASR mode that extracts audio from user videos and uploads it to a third-party endpoint. That creates a data-flow mismatch between stated behavior and actual capability, which can expose private spoken content, copyrighted material, or personal data without the user's informed expectation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README documents a third-party ASR API mode without clearly warning that audio or transcript data may be transmitted off-device. In a tool marketed around privacy and local processing, this omission increases the risk of users exposing confidential media contents without informed consent.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The README lists sensitive configuration variables such as client secrets, encryption keys, API URLs, and API keys without adjacent guidance on secret storage, logging hygiene, or privacy consequences. This can lead users to place secrets in shell history, CI logs, or insecure configuration files.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This code posts extracted audio to a configurable external ASR API using fetch, yet there is no indication here of any user-facing warning, consent gate, or disclosure. Because video audio often contains sensitive speech and ambient personal information, silent transmission to a third party meaningfully increases privacy and compliance risk.

VirusTotal

VirusTotal findings are pending for this skill version.
