小红书内容生成器

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk Xiaohongshu copywriting helper that generates text locally and shows no evidence of credential access, network activity, persistence, or automatic posting.

Before installing, understand that this skill is mainly a content template generator. Review generated posts for accuracy, originality, platform-policy compliance, and sensitive-topic claims, especially for parenting, medical, legal, financial, or paid promotional content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are broad, natural-language requests such as '生成小红书内容' and '写小红书文案', which are likely to overlap with ordinary user intent and cause the skill to activate unexpectedly. This can lead to prompt-routing confusion, unintended invocation, and reduced user control, especially in environments with multiple skills handling general writing tasks.

Vague Triggers

Low

Confidence: 80% confidence
Finding: The usage examples reinforce very general activation patterns like '生成一篇关于[主题]的小红书笔记' without constraints or explicit invocation markers. While not directly exploitable for code execution or data theft, this broadens the routing surface and increases the chance of accidental or competing skill activation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal