skills/allinherog-star/ai-skills/douyin-hotlist-overall/Socket

douyin-hotlist-overall

Warn

Audited by Socket on May 9, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

该技能表面用途明确，查询抖音热榜本身与所述功能基本一致；但其真实数据流并非直连官方数据源，而是把参数和 AISKILLS_API_KEY 发往第三方 ai-skills.ai，并通过 CLI + 下游 skills add 形成转移信任链。文档已披露这一点，因此更像高风险中介式集成而非明确恶意；在缺少可验证 CLI/runner 发布来源与源码审计信息时，应判为 SUSPICIOUS。

Confidence: 87%Severity: 68%

Audit Metadata

Analyzed At

May 9, 2026, 02:07 PM

Package URL

pkg:socket/skills-sh/allinherog-star%2Fai-skills%2Fdouyin-hotlist-overall%2F@ccb077bc175ecdadfe9e65607aadd23bb9778c50