Xiaohongshu Matrix Notes

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed content-production workflow that uses third-party APIs for RedNote/Xiaohongshu collection and image generation, with privacy and rights cautions but no evidence of hidden or destructive behavior.

Install only if you are comfortable using Tikhub/Ofox and possibly Gemini with your own API keys. Confirm you have rights or consent for benchmark account material, likeness references, product photos, and any uploaded images, and check Xiaohongshu/RedNote platform rules before scraping or publishing close imitations at scale.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow instructs large-scale scraping of Xiaohongshu content and sending reference images, product images, and prompts to third-party services without clear notice about privacy, consent, data transfer, or platform-account risks. In context, this is more dangerous because the skill is explicitly designed for mass production and imitation of benchmark accounts, increasing the likelihood of unauthorized collection, processing, and external transmission of personal or copyrighted content.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The file explicitly instructs operators to send images and prompts to third-party services (Ofox and Google Gemini) and to configure API keys, but it provides no notice, consent flow, or data-handling warning. In this skill context, the transmitted data can include product photos and possibly user-supplied reference images, creating privacy, confidentiality, and compliance risk if users are unaware that their content leaves the local environment.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script silently transmits a bearer token plus user-supplied Xiaohongshu identifiers to api.tikhub.io without any runtime disclosure, consent prompt, or prominent notice beyond terse comments. In an agent-skill context, this increases the risk of users unknowingly causing third-party data transfer and credential use, especially where skills may run semi-autonomously.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script transmits user prompts and any provided reference images to a third-party remote service, but the CLI behavior does not provide an explicit runtime warning or consent checkpoint. In this skill's context, reference images may contain personal, proprietary, or sensitive content, so silent upload increases privacy and data-governance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
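# Hard-won lessons (pitfalls hit + fixes)

## Image generation channels
- **OpenRouter's image models often return "not available in your region"** (image2/gpt-5-image/gemini are all affected) → use **Ofox**: `https://api.ofox.ai/v1/images/generations` (text-to-image), `/v1/images/edits` (image-to-image, multipart, `image[]` accepts multiple images). Model: `openai/gpt-image-2`. The key `sk-of-…` goes in `OFOX_API_KEY`.
- **Connecting directly to Google Gemini** (`generativelanguage.googleapis.com`, GEMINI_API_KEY) can serve as a fallback, but the results are not as good as image2.
- Don't set concurrency too high (around 3); Ofox is prone to `SSL UNEXPECTED_EOF`; **retries are mandatory** (already built into ofox_gen.py).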
Confidence
95% confidence
Finding
https://api.ofox.ai/

VirusTotal

64/64 vendors flagged this skill as clean.
