小红书评论分析

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a normal API-backed Xiaohongshu comment analysis helper, with clear external API use but no hidden persistence or destructive behavior found.

Install only if you are comfortable sending Xiaohongshu links, parsed content details, and resulting comment-analysis task data to ai-skills.ai using your API key. Avoid submitting private, regulated, or unauthorized business/customer content unless external processing is acceptable for your use case.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The manifest enables implicit invocation for the skill without any visible trigger constraints, allowlist, or scope limitations. That can cause the agent to invoke this skill automatically in situations the user did not clearly request, which is risky because the skill appears designed to process user-provided 小红书 links and perform analysis that may involve external content and inferred profiling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal