Douyin Video Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it reuses browser session cookies to download media and writes persistent local notes without enough user control or scoping.

Install only if you are comfortable with this skill opening Douyin in Chrome, using your active browser session cookies for media retrieval, running local Python helpers, saving audio under /tmp/douyin_transcribe, and writing transcript/analysis files into the configured Obsidian vault. Before use, restrict downloads to known Douyin/ByteDance media hosts, verify all hardcoded paths are yours, and add a manual confirmation step before cookie-authenticated downloads or note writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly directs use of shell commands, local helper scripts, and filesystem reads/writes, but does not declare corresponding permissions. This creates a transparency and consent problem: the runtime or user may not realize the skill can access local files, execute commands, and write artifacts, increasing the chance of unintended or over-broad execution.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The script extracts document.cookie from the browser context and forwards it in a separate curl request, effectively repurposing authenticated browser state outside the browser's normal protections. That creates credential-handling and session-reuse risk, especially if the page or bridge exposes cookies for an authenticated Douyin session and the tool is run on untrusted URLs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The listing highlights capabilities like extracting metadata, capturing/downloading audio, and saving results into Obsidian, but it does not clearly warn users about the data-handling side effects and local persistence involved. In a skill that processes third-party video URLs and stores transcripts/analysis, missing disclosure can lead users to trigger collection and retention of content they did not realize would be downloaded or written into their knowledge base.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The listing explicitly advertises downloading audio and writing transcripts/analysis into Obsidian, but provides no warning that the skill may persist data locally or modify a user knowledge base. That can lead users to trigger storage and file changes without informed consent, which is risky when handling third-party media, potentially sensitive transcripts, or shared vaults.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly documents authenticated audio download from a logged-in browser context and writing transcripts/analysis into local Obsidian notes, but it does not clearly warn users about privacy, copyright, credential-scoped access, or filesystem side effects. In this context, the skill processes third-party media and persists derived content locally, so absent disclosure and consent guidance increases the risk of unexpected collection, retention, and leakage of sensitive or restricted content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs writing transcript and analysis notes directly into an Obsidian vault path without an explicit warning or consent step. Because note vaults often contain sensitive personal or business information, silent writes can cause data integrity issues, privacy surprises, or unwanted persistence of scraped/transcribed content.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly recommends retrying media downloads with browser-derived headers and cookies, effectively reusing authenticated session material for network requests. This is dangerous because cookies and auth headers may expose account/session data to helper scripts, logs, subprocess arguments, or unintended endpoints, and can facilitate access beyond what the user expects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The workflow explicitly instructs using browser-derived cookies plus referer/origin/user-agent headers to bypass a 403 when downloading Douyin audio. That can repurpose authenticated browser state for direct media retrieval without user disclosure or clear authorization checks, increasing the risk of session misuse, ToS circumvention, and unintended access to protected content.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script downloads media to /tmp without meaningful disclosure or confirmation, while the stated skill is framed as analysis rather than local acquisition of media artifacts. In a user-facing automation context, silently persisting downloaded content can create privacy, compliance, and data-handling issues even if the technical action is straightforward.

Missing User Warnings

High
Confidence
98% confidence
Finding
This code sends browser-derived Cookie and User-Agent headers in an outbound request without explicit warning, effectively exporting session context from the browser into a separate network client. In this skill context, that is more dangerous because the tool accepts a user-supplied Douyin URL and is expected to analyze content, not transparently replay authenticated state.

VirusTotal

64/64 vendors flagged this skill as clean.
