Xiaohongshu Login

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Xiaohongshu login helper, but it handles sensitive login QR codes in an under-scoped way by documenting external Feishu delivery without clear consent or warnings.

Install only if you are comfortable with the agent handling Xiaohongshu login QR codes. Prefer local display only, do not allow Feishu or other messaging delivery unless you explicitly requested that exact destination, and treat cookie deletion as a logout/reset action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill expands a login flow into cross-channel distribution of a login QR code via Feishu, which is not necessary to perform the core authentication task. Login QR codes are authentication artifacts; sending them over messaging increases exposure to unintended recipients, message retention systems, and client-side leakage, which could enable unauthorized login if the code is scanned.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The Feishu send action is not well justified by the stated purpose of a Xiaohongshu login skill and introduces an unnecessary capability outside the skill's minimal scope. Unjustified outbound messaging broadens the attack surface and can facilitate data exfiltration or disclosure of sensitive login material under the guise of helping the user log in.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions tell the agent to send the login QR code image via Feishu without any warning that the image is sensitive and may grant account access to whoever scans it. In this context, the skill becomes more dangerous because a login QR code is not ordinary media but an authentication mechanism, so privacy and disclosure omissions materially raise the risk of account compromise.

VirusTotal

59/59 vendors flagged this skill as clean.
