ClawHub

抖音作品搜索

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Douyin search helper that sends search terms to RedFox using a user-provided API key; its recurring subscription feature should be used deliberately.

Install only if you trust RedFoxHub with your Douyin search keywords and are comfortable providing a REDFOX_API_KEY. Prefer storing the key in the platform’s normal secret/config mechanism, avoid pasting it into chat or logs, and only confirm daily subscriptions when you understand how to disable the recurring task later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The README states the skill can be used via broad natural-language descriptions with no fixed commands, which can cause accidental or ambiguous invocation during normal conversation. In an agent environment, this increases the chance the skill is triggered without clear user intent, potentially causing unintended external queries or subscriptions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Encouraging casual conversational input as a trigger without clear limits makes activation conditions overly vague. This is risky because ordinary chat about trending videos could be interpreted as a tool invocation, leading to unintended use of external services and possible noisy or privacy-impacting queries.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README explicitly says users can invoke the skill with unrestricted natural language, without defining narrow trigger boundaries. In an agent environment, this increases the chance of accidental activation from ordinary conversation and can cause unintended external queries or actions to occur without clear user intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The examples use everyday colloquial phrases like normal conversation as valid triggers, which makes accidental tool invocation more likely. In conversational systems, overlapping with common speech can lead to unintentional searches, data retrieval, or workflow branching when the user did not mean to use the skill.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README advertises daily subscription pushes as a feature but does not clearly explain that this creates an ongoing automated action with notification and data-handling implications. Users may not understand that their query terms may be retained and used for recurring processing, which creates consent and privacy risks.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
Describing subscription as 'one-click' or '查完即订' minimizes the significance of enabling an ongoing automated behavior. This can lead users to subscribe without appreciating that future notifications and persistent tracking of interests may continue until they actively opt out.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill tells users to place an API key in a plaintext config file or export it directly in the shell without warning about shell history, file permissions, or secret persistence. This increases the chance that the credential is exposed to other local users, logs, backups, screenshots, or command-history recovery, leading to unauthorized API use.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script transmits user-supplied search keywords and optional date ranges to a third-party API endpoint, which creates a privacy and data-handling risk if users are not clearly informed that their input leaves the local environment. In this skill context, the entire purpose is remote Douyin search, so external transmission is expected, but the lack of explicit disclosure and consent still makes it a real security/privacy issue rather than malicious behavior.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal