Back to skill

Security audit

Xiaohongshu Note Detail

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at extracting Xiaohongshu note data, but its instructions expand into authenticated scraping with scaling and rate-limit avoidance guidance.

Install only if you deliberately want an agent to retrieve Xiaohongshu note and comment data visible to your logged-in session. Avoid using it for bulk collection, rate-limit workarounds, stealth browsing, or scraping content you are not authorized to collect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill explicitly recommends batch orchestration, breakpoint resume, and opening multiple stealth browser sessions to distribute work and avoid per-session rate limits. That guidance materially expands the skill from a single-user convenience action into scalable scraping and anti-detection evasion, increasing the likelihood of platform abuse, account enforcement, and large-scale collection of user-generated data.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrases are broad enough to activate on generic requests about post data, note content, or comments, which can cause the agent to invoke a scraping-oriented skill in situations where the user did not clearly request login-dependent extraction. Overbroad routing increases the chance of unnecessary collection of profile, engagement, and comment data and can bypass opportunities for consent or narrower alternatives.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs extraction of note metadata, author identity fields, engagement stats, and paginated comments from a logged-in session without any user-facing privacy notice or consent checkpoint. Because the data is accessed through an authenticated browser context, the absence of clear disclosure and confirmation makes accidental collection of personal or account-scoped information more likely.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.