Xiaohongshu Auto

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Xiaohongshu posting automation guide, with account/session risks that fit its stated purpose but need careful handling.

Install only if you are comfortable letting automation operate a logged-in Xiaohongshu account. Keep session.json and the Chrome profile private, do not commit or share them, review every post or batch before publishing, and avoid scheduled posting unless you can monitor and disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill is explicitly designed to automate posting to a live Xiaohongshu account, including scheduled and batch publishing, but the documentation does not emphasize that these actions can directly affect a real account without an explicit review or confirmation gate. In this context, accidental invocation, misuse by another agent, or misunderstanding by a user could lead to unintended publication, reputation harm, or platform-policy violations.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation instructs users to save cookies/session data and store a session file, but it does not clearly warn that session artifacts are credential-equivalent and can enable account access if exposed. Because this is a social-media automation skill tied to a real account, insecure handling of session.json or browser profiles could result in account takeover or unauthorized posting.

Missing User Warnings

Medium
Confidence: 88%
Finding
The manifest explicitly instructs users to save login cookies/session data to a local session.json file, but it does not clearly describe that this file is effectively an authentication token and must be protected like a password. If another local user, malware, or an exposed backup reads that file, an attacker may be able to hijack the Xiaohongshu account and publish, view, or manage content without re-authentication.

Vague Triggers

Medium
Confidence: 84%
Finding
The manifest description is broad enough to imply the skill may activate for a wide range of requests about Xiaohongshu posting or content management, without stating clear preconditions, scopes, or user-confirmation requirements. In an automation skill that can publish or manage social content, ambiguous triggering increases the chance of unintended invocation and unauthorized or accidental posting actions.

Vague Triggers

Medium
Confidence: 92%
Finding
The example trigger phrase is a natural-language request that closely resembles ordinary conversation, so it could match routine user messages without a deliberate skill-invocation boundary. Because this skill performs external social-media actions, accidental activation could lead to unintended publication, account misuse, or content changes on a live platform.

VirusTotal

66/66 vendors flagged this skill as clean.
