小红书长文发布

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is not malicious, but it can publicly publish to a user’s Xiaohongshu account without a clear final confirmation requirement.

Review this skill before installing. It appears instruction-only and aligned with Xiaohongshu publishing, but only use it when you intend to post publicly, confirm the active account, review the title/body/template yourself, and require the agent to stop for explicit approval before clicking publish.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are broad enough to match normal user requests like '写一篇小红书' or '发小红书', which can cause this publishing skill to activate when the user may only want drafting help rather than immediate posting behavior. In a skill that drives a browser and reaches a real publishing flow, ambiguous triggering raises the risk of unintended navigation and content publication actions.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The instructions explicitly automate the final publication flow, including clicking the '发布' button, but provide no requirement to warn the user, preview the final content, or obtain explicit confirmation immediately before the irreversible action. In the context of a social-media publishing skill, this creates a direct risk of unauthorized or accidental public posting, reputational harm, and disclosure of sensitive or unreviewed content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal