douyin-analytics

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the user to provide their Douyin session cookie (including sessionid) via the chat interface. Session IDs are sensitive authentication tokens that grant full account access, so handling them this way is a high-risk practice.
  • [CREDENTIALS_UNSAFE]: The agent is instructed to save the user's cookie in a plaintext file at /tmp/dy_cookie.txt. Storing sensitive authentication tokens in temporary files is an insecure practice that exposes credentials to other system processes.
  • [COMMAND_EXECUTION]: The skill executes shell commands (echo, python) to write sensitive data to the filesystem and run scripts with arguments derived from user input.
  • [EXTERNAL_DOWNLOADS]: The skill ensures the 'requests' library is installed from the official registry during the environment preparation phase.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 7, 2026, 03:19 AM