Xiaohongshu Browser

Security checks across malware telemetry and agentic risk

Overview

The skill appears to automate Xiaohongshu browsing as advertised, but it stores reusable login/session data locally without clear security warnings or full disclosure.

Install only if you are comfortable saving a local Xiaohongshu logged-in browser session. Treat ~/.openclaw/xhs_data and ~/.openclaw/xhs_auth.json like sensitive account access files, protect or delete them when finished, and avoid running this on shared machines or with high-value accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly performs web browsing and scraping via Playwright, which requires network access, but the metadata declares no permissions or environment requirements. This is a real security transparency issue because operators and policy engines may underestimate what the skill can do, especially when it also interacts with authenticated sessions.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script explicitly saves the browser storage state to ~/.openclaw/xhs_auth.json after manual login, which can contain active session cookies and other authentication material. Because the skill is described as browsing and screenshotting, silently persisting reusable auth state expands capability beyond the stated purpose and creates a credential theft or session hijacking risk if the file is later accessed by other local processes or users.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to persist authenticated session data under ~/.openclaw/xhs_data but does not warn that these files may contain reusable cookies or tokens. If another local process or user can access that directory, the stored session could be abused to impersonate the account or access private browsing context.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The code uses a persistent Chromium profile directory and also writes auth state to disk, causing cookies, local storage, and potentially long-lived session artifacts to remain on the filesystem without an obvious warning or consent flow. In a skill that asks the user to manually log in, this is particularly sensitive because the persisted state can be reused later to access the account without re-authentication.

VirusTotal

VirusTotal findings are pending for this skill version.
