Xiaohongshu Automation Suite

Security checks across malware telemetry and agentic risk

Overview

This is a real Xiaohongshu automation skill, but it stores reusable account cookies and can publish or reply on a live account with inconsistent safeguards.

Install only if you are comfortable giving this skill reusable Xiaohongshu session cookies and allowing it to control a live account. Keep cookies private, restrict file permissions, delete debug screenshots/text when done, avoid unattended cron use, require manual confirmation before every publish or reply, and assume stealth automation may violate platform rules or affect the account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (18)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The README explicitly advertises stealth and anti-detection behavior for a social-platform automation tool, including hiding webdriver fingerprints and simulating a real browser. That functionality is not necessary for ordinary publishing or comment management and materially increases the likelihood of policy-evasion, deceptive automation, and account abuse.

Context-Inappropriate Capability

Low
Confidence
87% confidence
Finding
The README encourages extending the skill with cron-style unattended automation, which moves the tool from interactive assistance toward autonomous account actions. Unattended posting or replying can amplify mistakes, spam, or abusive behavior without timely user review.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code extracts authenticated Xiaohongshu session cookies and writes them in plaintext JSON to a predictable file under the user's home directory. Session cookies are bearer secrets, so any local process, malware, or another user with filesystem access could reuse them to hijack the account without needing the password or QR re-authentication.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This file is explicitly built from puppeteer-extra stealth evasions and modifies numerous browser surfaces to hide automation, including navigator.webdriver, plugins, WebGL, permissions, languages, and Chrome runtime objects. In the context of a Xiaohongshu automation skill with 'stealth login helpers', this is not ordinary compatibility logic; it is deliberate anti-detection behavior that can facilitate policy evasion, deceptive account activity, and hinder operator awareness or platform defenses.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to collect and store multiple Xiaohongshu session cookies that appear sufficient for authenticated account access, but it does not clearly explain the account-takeover implications if those secrets are exposed. In the context of an automation skill, these tokens could enable unauthorized posting, reading, and replying as the user.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README promotes automated posting/replying and scheduled execution without clearly warning that unattended actions can change account state, publish unwanted content, or expose user data through autonomous processing. In a social-media context, a single misfire can create public posts or responses at scale.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README documents stealth and anti-detection evasion but omits a warning that such behavior may violate platform rules, damage account trust, or trigger suspension. Because the skill is specifically designed for account automation on a third-party platform, that omission increases the chance users will deploy risky behavior without understanding the consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents cookie capture and persistence for authentication but gives no warning that session cookies are highly sensitive credentials that can enable account takeover if exposed. In this context, a stealth login helper and stored cookies materially increase danger because they bypass normal user awareness and create reusable authentication artifacts on disk.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The skill exposes automated publishing and comment-reply functions that can modify account content and interact with other users, yet it does not warn that these operations perform real account actions with user-visible consequences. In the context of social-platform automation, this increases the risk of accidental spam, unauthorized posting, mass replies, or policy-violating activity at scale.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill stores authentication material without any explicit warning, confirmation, or notice to the user that login state is being exported to a secrets file. In this skill context, which includes stealth login helpers and browser anti-detection flags, silently persisting reusable session cookies increases the risk of covert credential collection and unauthorized reuse.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code silently injects extensive fingerprint spoofing and anti-detection changes without any user-facing disclosure, including tampering with browser APIs and error stacks to conceal proxying. That combination increases risk because users may unknowingly deploy covert evasion tooling against a third-party platform, creating compliance, account-security, and abuse exposure beyond normal automation expectations.

Natural-Language Policy Violations

Medium
Confidence
85% confidence
Finding
The script overrides navigator.languages with a default frozen value of ['en-US','en'] when no options are supplied, thereby forcing a locale fingerprint that may not match the real user environment. While less severe than the broader stealth layer, this contributes to deceptive browser impersonation and can cause user confusion, incorrect localization behavior, or suspicious account activity patterns when combined with the rest of the anti-detection stack.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script automatically loads persistent authentication and creator-session cookies from a local secrets file and uses them to act on the user's account without any explicit consent flow, warning, or scope limitation. In the context of an automation skill for publishing and stealth login helpers, this increases the risk of unauthorized account actions, accidental misuse of highly sensitive session tokens, and easier abuse if the skill is invoked by another tool or user who does not realize it will consume live credentials.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code performs a direct publish action by clicking the final "发布" button with no confirmation prompt, preview verification, or safety interlock. Because publishing is an external, hard-to-reverse action on a real social-media account, this creates a meaningful risk of accidental posting, abuse by chained automation, or unintended content publication using the loaded session cookies.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly requires and loads Xiaohongshu cookies from a local secrets file, which are authentication credentials that can grant account access. While credential use is expected for this automation context, the skill description and guidance do not clearly communicate the privacy, account-takeover, and handling risks of using persistent session cookies, so users may expose or misuse sensitive auth material without informed consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script extracts user comment content from Xiaohongshu and writes the raw page text to a local file without clear disclosure, minimization, or access controls. This creates a privacy and data-handling risk because comments may contain personal data, and the file can persist sensitive content on disk longer than necessary where other local users, backups, or tooling may access it.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script reads authentication cookies directly from a secrets file and uses them to create an authenticated browser session without any user warning, consent check, or scope limitation. In an automation skill focused on stealth login and comment management, this increases the risk of silent account access or misuse if the skill is run unexpectedly or modified by another component.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script writes authenticated notification content and a full-page screenshot to local files, which may include private comments, mentions, usernames, and other account data. Because this happens automatically and without disclosure or retention controls, it creates a local data exposure risk to other users, processes, backups, or logs on the same system.

VirusTotal

66/66 vendors flagged this skill as clean.
