Security audit

xiaohongshu-search

Security checks across malware telemetry and agentic risk

Overview

The skill is for legitimate Xiaohongshu market research, but it asks the agent to control a logged-in Chrome session without clear safeguards around account data or allowed actions.

Install only if you are comfortable letting an agent operate in a logged-in Xiaohongshu browser session. Prefer a separate browser profile or research account, and instruct the agent to stay on public search/result/note pages and avoid messages, settings, posting, follows, likes, or other account actions unless you explicitly approve them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description is broad enough to enable arbitrary Xiaohongshu searching and data extraction without stating clear user-approval, scope, or query constraints. In an agent setting, vague activation criteria can cause the skill to be invoked on loosely related prompts, increasing the chance of unnecessary browsing, collection of third-party content, or unintended use of a logged-in session.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly relies on controlling an already logged-in Chrome instance via remote debugging but provides no warning or safeguards about account access, session cookies, private data exposure, or unintended actions under the user's identity. This is especially risky because browser automation over an authenticated session can access personalized content and potentially interact with the account beyond passive viewing if misused or over-invoked.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.