ClawHub

Rednote CLI

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for operating RedNote/Xiaohongshu, but it gives copy-paste commands that can publish, comment, like, collect, save account data, and delete browser profiles without enough explicit confirmation or consequence warnings.

Install only if you want an agent to help operate a real Xiaohongshu account. Before any publish, comment, like, collect, or browser-remove command, require a preview and explicit approval for the exact account/session, target note, text or media, save path, and whether the action is public or irreversible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill includes commands for publishing posts and performing account-affecting interactions such as likes, collects, and comments, but it does not explicitly warn that these actions modify the user's Xiaohongshu account and may be publicly visible. In an agent context, that omission increases the risk of unintended real-world actions because users may treat the examples as read-only or low-risk operational guidance.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill repeatedly recommends saving feed, profile, note, and comment data to local JSON files without warning that this may store third-party content, account data, or potentially sensitive browsing results on disk. In a terminal-agent workflow, silent persistence can create privacy and data-handling issues, especially on shared machines or in synced working directories.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly states that `browser remove` deletes a named browser instance and its managed profile, but it does not warn about irreversible loss of browser state such as cookies, sessions, local storage, saved drafts, or login data. In a terminal automation skill, users may run destructive commands directly from examples, so lack of a clear warning increases the risk of accidental data loss.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal