douyin-kol-search

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to an external API to fetch Douyin creator data.
      • Evidence: The script scripts/run.py uses urllib.request to send POST requests to https://ai-skills.ai/api/execute.
      • Context: This activity is documented in the skill's manifest and is necessary for the skill's stated purpose of searching remote databases.
  • [CREDENTIALS_UNSAFE]: Authentication with the third-party service is handled through environment variables.
      • Evidence: The variable AISKILLS_API_KEY is retrieved from the environment in scripts/run.py and passed in the X-API-Key header.
      • Security Posture: This follows standard best practices for API key management, avoiding the use of hardcoded secrets or insecure storage.
  • [DATA_EXFILTRATION]: User-provided search criteria are transmitted to the ai-skills.ai domain.
      • Evidence: Parameters such as keyword, contentTag, and followerRange are packaged into a JSON payload and sent to the server.
      • Context: The SKILL.md frontmatter includes a security section explicitly listing the data sent (skillId, params, X-API-Key), ensuring the user is informed of the data flow.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 08:58 AM