ClawHub

抖音作品实时搜索

Security checks across malware telemetry and agentic risk

Overview

The skill performs the advertised Douyin search, but it also creates recurring daily search tasks without enough cancellation and control detail.

Install only if you are comfortable sharing search keywords with Redfox and storing a REDFOX_API_KEY locally. Be especially careful with the subscription feature: confirm exactly what scheduled task will be created, where it runs, and how you will cancel it before enabling daily pushes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The documentation expands a realtime search skill into a subscription and push-notification service, which materially changes its behavior from a one-shot query tool to a persistence-capable automation tool. That broader capability increases risk because it can create ongoing background actions and repeated outbound queries beyond what users may expect from the stated purpose.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill documents scheduled task creation for a tool whose stated purpose is only realtime search. Allowing cron-like persistence is dangerous because it enables recurring execution and potential automated notifications, which can be abused for unauthorized resource use, stealthy persistence, or repeated data collection.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is triggered by broad natural-language phrases such as generic search requests and follow-up commands like '下一页' or '上一页', without clear scoping that the user is invoking this specific tool. This can cause unintended activation, external API calls, and disclosure of live third-party data when the user may have been speaking conversationally or referring to prior context rather than requesting this capability.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises daily subscription push and timed task creation, but does not clearly disclose persistence, execution schedule, data source usage, cancellation method, or that the action continues beyond the current interaction. Users may unknowingly enable ongoing monitoring or notifications, which creates consent, privacy, and resource-usage risks.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The subscription flow lacks a clear upfront warning that agreeing will create a recurring daily task and automatic push behavior. This weak consent model can lead users to authorize ongoing automation without understanding persistence, frequency, or notification effects, making misuse or surprise background execution more likely.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script transmits the user-provided search keyword and an API credential to a third-party Redfox endpoint, but its usage text and comments do not clearly disclose that user input leaves the local environment. In an agent-skill context, this matters because users may assume a local search helper while the tool actually performs remote data transfer, creating privacy and consent risk for sensitive queries.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal