Xiaohongshu Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Xiaohongshu scraping tool that uses user-provided login cookies and stores harvested results locally.

Install only if you are comfortable giving the tool your Xiaohongshu session cookies and using agent-browser with that logged-in account. Keep cookie files private, prefer the default local data directory or a secure override path, review harvested outputs before sharing them, and make sure your scraping complies with Xiaohongshu rules and applicable privacy expectations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
continue
            domain, include_subdomain, path, secure, expires, name, value = parts[:7]
            flags = _cookie_to_agent_browser_flags(name)
            r = subprocess.run(
                ['agent-browser', 'cookies', 'set', name, value] + flags,
                capture_output=True, text=True
            )
Confidence
80% confidence
Finding
r = subprocess.run( ['agent-browser', 'cookies', 'set', name, value] + flags, capture_output=True, text=True )

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The script reads the logged-in user's identifier directly from browser cookies to filter candidates during user lookup, which expands collection beyond the advertised target-scraping behavior. In a credentialed scraping skill, silently accessing session-derived identity data increases privacy risk and can expose account metadata to downstream logs or outputs.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
This skill goes beyond simple search/read behavior and implements bulk harvesting of notes, comments, user works, token caching, and report generation to disk. In context, that materially increases privacy, compliance, and abuse risk because it enables scalable collection and persistence of user-generated content and metadata from a logged-in session.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script loads and uses stored authenticated cookies to impersonate a logged-in browser session without a prominent runtime warning or explicit consent flow. In the context of a scraping skill, this is sensitive because cookies are effectively credentials; mishandling them can lead to account takeover, unauthorized actions, or privacy breaches if the storage path or helper tooling is compromised.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Extracting the current logged-in account identifier from cookies without explicit disclosure collects session-linked personal data unrelated to the core output. In a tool that already requires injected login cookies, this broadens the blast radius if logs, debug output, or future code paths leak the value.

VirusTotal

63/63 vendors flagged this skill as clean.
