Security audit

Xiaohongshu Viral Copy Generator (她势自游 Edition)

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent for Xiaohongshu content operations, but it needs review because it can delete and rewrite Feishu scheduling records without a clear confirmation step.

Install only if the agent should access and modify the listed Feishu workspace resources. Before allowing writes, require it to show the target project/table, date and account range, records that would be deleted, and replacement rows; use least-privilege Feishu access and avoid prompts intended to bypass originality or similarity checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 93% confidence
Finding
The skill instructs the agent to delete existing schedule records whenever a date+account conflict is found, without requiring explicit user confirmation, backup, or a safer update path. In an automation context tied to production planning tables, this can cause silent data loss, accidental overwrites, and destruction of legitimate records if matching logic is wrong or the user intended a merge rather than replacement.

Ssd 4

Medium, 89% confidence
Finding
The skill explicitly instructs the model to make small edits to source-like images to 'avoid similarity checks' and 'avoid 查重' (duplicate-content checking), which normalizes evasion of duplicate-detection mechanisms. Even if framed as cover generation, this guidance can facilitate laundering derivative or copyrighted material and bypass platform moderation or originality controls, making the context more concerning than ordinary image editing.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.