Security audit

IceCube Xiaohongshu Flow

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Xiaohongshu publishing workflow, but it needs Review because it can publish through a real account using an external service without clear confirmation, scoping, or session-safety guidance.

Install only if you are comfortable verifying the external Xiaohongshu MCP binary yourself and using it with a Xiaohongshu account. Require manual approval of every title, body, image, private-message action, and publish command, and stop the background MCP service when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill is explicitly designed to automate external posting to a real third-party account, yet it provides no warning that execution can publish publicly and affect the user's platform account, reputation, or policy compliance. In this context, omission of consent and review gates is dangerous because the documented workflow encourages routine unattended posting.

Missing User Warnings

Medium
Confidence: 97%
Finding
These instructions cover login, service startup, validation, and publishing through an API client, but never require human review or confirmation before posting. Because the workflow authenticates to a real social-media account and then automates publication, a mistaken or malicious invocation could immediately create unwanted public posts and persist account-affecting state.

VirusTotal

66/66 vendors flagged this skill as clean.
