tiktok-video-analyzer

clawhub:tiktok-video-analyzer

View source

85/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

85/100

HIGH 1

LOW 6

Findings (7)

HIGH

Secrecy instruction PROMPT_INJECTION_008

prompt-injection L112

Detects instructions to hide actions from the user

never show a Python stacktrace to the user

FIX

Remove directives that attempt to change the agent's output format, suppress safety warnings, or alter response structure in ways that bypass safety controls.

FP?

Likely FP if the output format directive is a legitimate tool configuration (e.g., return results as JSON) that does not suppress safety features.

LOW

System package manager install EXTDL_011

external-download L60

Detects system-level package installation via brew, apt, yum, or dnf

brew install f

FIX

Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.

FP?

Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.

LOW

pip install arbitrary package EXTDL_009

external-download L61

Detects pip install of arbitrary packages that modify the host environment

pip3 install fa

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

LOW

System package manager install EXTDL_011

external-download L66

Detects system-level package installation via brew, apt, yum, or dnf

apt install -y f

FIX

Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.

FP?

Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.

LOW

pip install arbitrary package EXTDL_009

external-download L67

Detects pip install of arbitrary packages that modify the host environment

pip install fa

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.

LOW

System package manager install EXTDL_011

external-download L149

Detects system-level package installation via brew, apt, yum, or dnf

brew install f

FIX

Pin system packages to specific versions where the package manager supports it. Document the exact packages required and prefer containerized environments to avoid system-wide changes.

FP?

Likely FP if the match is standard setup documentation listing well-known system packages (e.g., apt install git curl) that are prerequisites.

LOW

pip install arbitrary package EXTDL_009

external-download L150

Detects pip install of arbitrary packages that modify the host environment

pip install fa

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.