小红书评论策略生成器

Security checks across malware telemetry and agentic risk

Overview

This skill drafts Xiaohongshu comments and does not show hidden posting, credential access, network calls, or persistence, but its growth-focused use should be handled carefully.

Use this as a drafting aid only. Review comments before posting, avoid repetitive or deceptive engagement, follow Xiaohongshu rules, and treat any separate custom automation service advertised by the author as outside this reviewed skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The trigger phrase "生成评论" is so broad that it can activate on many ordinary requests unrelated to Xiaohongshu comment strategy, causing unintended routing or invocation. Overbroad triggers increase the chance of prompt collisions, confusing user experience, and accidental execution of a skill in contexts where its follower-growth tactics may be inappropriate.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly promotes follower growth and persona-building but omits warnings about platform rules, authenticity expectations, spam risks, or account penalties. In this context, the omission is meaningful because the skill is designed to influence public engagement behavior and could encourage manipulative or policy-violating activity without informing users of the risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal