抖音七日点赞飙升榜

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Douyin ranking lookup tool that uses a RedFox API key and offers optional recurring ranking updates, with no evidence of hidden collection, destructive actions, or exfiltration.

Install only if you are comfortable giving this skill a RedFox API key and sending ranking queries to redfox.hk. If you use the subscription feature, confirm the schedule, what preferences are stored, and how to unsubscribe or revoke the API key.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The interaction guide adds a subscription and scheduled push capability that is outside the stated skill scope of leaderboard querying. Scope expansion like this is dangerous because it can lead the agent to collect user preferences or initiate ongoing actions without the manifest clearly declaring those behaviors, weakening user consent and platform governance boundaries.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The documented support for scheduled delivery exceeds a read-only query tool and implies persistent notifications or background actions. If implemented from this guide, users may be enrolled into recurring outputs without the skill having clearly declared operational scope, consent requirements, or lifecycle controls such as review and revocation.

Vague Triggers

Medium

Confidence: 74% confidence
Finding: Several trigger phrases are broad enough to match ordinary ranking or trend queries, which can cause the skill to activate unexpectedly. Mis-triggering is primarily a routing/invocation safety issue: it may send user queries to an external API or shape responses when the user did not intend to use this specific tool.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill promotes subscription-based automatic push delivery but does not disclose retention, frequency, cancellation, or what user preferences are stored. That omission can lead to ongoing notifications and continued processing of user interests without informed consent, which is a privacy and user-expectation risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal