Back to skill

Security audit

Xiaohongshu User Profile

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it includes guidance for scaled scraping with stealth browser sessions to work around platform rate limits.

Install only if you intentionally want authenticated Xiaohongshu profile and notes extraction. Avoid using the batch or stealth-session guidance, confirm each target account and requested fields, and review any local memory file the skill may create for troubleshooting notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs batch orchestration and recommends opening multiple stealth browser sessions with independent fingerprints to distribute scraping load. That materially expands the skill from a single-profile retrieval helper into a scalable scraping playbook designed to evade platform rate limits and anti-abuse controls, which increases the likelihood of abusive collection and policy circumvention.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The description contains a very broad set of trigger phrases around scraping, KOL research, influencer data, and account stats, which can cause the skill to activate for loosely related requests. In this context, overbroad activation is risky because the skill performs authenticated profile scraping from a social platform, so accidental invocation could lead to unintended data collection or use beyond the user's actual request.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill references reading and later maintaining a local memory file under the working directory without prominently warning the user that local filesystem state may be accessed or modified. Silent persistence is dangerous because it creates hidden state across runs, may store operational intelligence about scraping behavior, and can surprise users who did not consent to file access in their workspace.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The skill instructs appending operational notes to a local memory file after execution, again without a clear warning or opt-in for filesystem modification. Even though it says not to store fetched user IDs, it still establishes unauthorized persistence behavior that could accumulate sensitive operational context or violate user expectations about non-destructive execution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.