小红书种草带货 (Xiaohongshu product seeding and affiliate selling)

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a Xiaohongshu content-marketing helper, but it also instructs the agent to assist with login using a stored account identifier (a phone number) and the location of a secret file.

Review before installing. Use this skill only for drafting, content review, image prompts, and publication checklists unless the author removes the phone number, removes the secret-file path, and states that the human user performs all login and publishing steps manually.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill explicitly documents a phone number, reveals the location of stored secrets, and instructs the agent to use browser automation to fill login credentials for a Xiaohongshu account. This expands the skill from content drafting into account access and credential handling, creating a real risk of unauthorized account actions, credential exposure, and unsafe automation against a live platform.

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The document states that publishing is manual and human-reviewed, but later directs browser-assisted login and auto-fill behavior. This contradiction can mislead reviewers and operators about the true authority granted to the skill, increasing the chance that an agent performs account-affecting actions under the guise of a 'manual' workflow.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The skill discloses a phone number, points to where credentials are stored, and instructs automated login assistance without adequate warnings or safeguards. This is dangerous because it normalizes secret discovery and account operation by the agent, increasing risk of credential leakage, misuse of third-party accounts, and privacy violations.

Ssd 3

Severity: High
Confidence: 99%
Finding
The skill directs the agent to retrieve or use stored login secrets and automatically fill account access details during the publishing phase. In the context of a content-creation skill, this is particularly dangerous because it grants the agent operational access to a real external account, enabling unauthorized posting, account misuse, and exposure of sensitive authentication material.
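The review rule in the overview (drafting-only use unless the phone number, the secret-file path and the login-automation instructions are removed) and the Intent-Code Divergence finding above can be turned into a pre-install check that a reviewer runs over the skill text itself. The Python below is an added example written for this page; it is not SkillSpector's code and not the skill author's. Its regular expressions, the `scan_skill` and `assess_skill` functions, and the two sample skill texts (including their phone number and path) are constructed heuristics for illustration, not the scanner's actual rules or the real skill's contents.

```python
import re
from dataclasses import dataclass

# Constructed sample skill texts for this example (not the scanned skill).
# The phone number and the path are made up.
MIXED_SKILL = """\
# Xiaohongshu seeding helper

## Publishing
Publishing is manual: the human user reviews every post and clicks publish.

## Login assistance
Account phone: 13800000000
The login secret is stored at ~/.config/xhs/secret.txt
Use browser automation to open the login page and auto-fill the phone
number and password from the secret file, then submit.
"""

DRAFTING_ONLY_SKILL = """\
# Xiaohongshu seeding helper
Draft titles, hooks, image prompts and a publication checklist.
The human user performs all login and publishing steps manually.
"""

# Heuristic patterns (assumptions for this example): a Chinese mobile
# number, a path whose name suggests secret material, and wording that
# tells the agent to perform login steps in a browser.
RULES = {
    "phone_number": re.compile(r"(?<!\d)(?:\+?86[- ]?)?1[3-9]\d{9}(?!\d)"),
    "secret_path": re.compile(
        r"(?:~|/)[\w./-]*(?:secret|credential|token|password|cookie)[\w./-]*",
        re.I),
    "login_automation": re.compile(
        r"\b(?:auto-?fill|browser automation|"
        r"fill (?:in )?(?:the )?(?:login|password|credentials))\b",
        re.I),
}
# Wording that claims the workflow is manual / human-driven.
MANUAL_CLAIM = re.compile(
    r"\b(?:manual(?:ly)?|human user (?:reviews|performs|clicks))\b", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    evidence: str  # redacted where needed so the report does not leak the value


def redact(rule: str, value: str) -> str:
    """Keep only the last four digits of a phone number in the report."""
    if rule == "phone_number":
        return "*" * (len(value) - 4) + value[-4:]
    return value


def scan_skill(text: str) -> list[Finding]:
    """Return one Finding per pattern hit, with the line it occurred on."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, rx in RULES.items():
            for m in rx.finditer(line):
                findings.append(Finding(rule, line_no, redact(rule, m.group(0))))
    return findings


def assess_skill(text: str) -> dict:
    """Verdict a reviewer wants before installing the skill."""
    findings = scan_skill(text)
    hit = {f.rule for f in findings}
    automates_login = "login_automation" in hit
    claims_manual = MANUAL_CLAIM.search(text) is not None
    return {
        "findings": findings,
        # The text says 'manual' but also instructs the agent to log in.
        "intent_divergence": claims_manual and automates_login,
        # Safe for drafting-only use when none of the three patterns appear.
        "drafting_only": not hit,
    }


if __name__ == "__main__":
    for name, text in (("mixed", MIXED_SKILL), ("drafting-only", DRAFTING_ONLY_SKILL)):
        v = assess_skill(text)
        print(f"{name}: drafting_only={v['drafting_only']} "
              f"intent_divergence={v['intent_divergence']}")
        for f in v["findings"]:
            print(f"  line {f.line_no}: {f.rule} -> {f.evidence}")
```

The check is deliberately text-only: it reads the skill file and never opens the secret path it finds, so running it cannot itself expose the stored credential. The redaction in the report matters for the same reason; a reviewer's notes should not become a second copy of the phone number.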

VirusTotal

VirusTotal findings are pending for this skill version.
