douyinVideoCreator

Security checks across malware telemetry and agentic risk

Overview

This is a Douyin video analysis and scripting guide that asks for relevant user-provided content, with no hidden code execution or persistence.

Safe to install as a content-analysis and scripting aid. Redact usernames, faces, private messages, IDs, and other personal details from screenshots or uploads when possible, avoid sharing unnecessary third-party comment data, and review any recommended external crawler or downloader separately before installing or using it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly asks users to provide screenshots, account information, engagement metrics, comments, and later upload images/videos, but it does not provide a clear privacy notice, minimization guidance, or data-handling boundaries at the point of collection. This can lead users to disclose personal data, third-party content, or account-related information unnecessarily, increasing privacy, consent, and data-exposure risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal