Local Life Hotspot

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Xiaohongshu content assistant, but it needs Review because it can publish externally and its publish path builds a shell command (shell=True) from generated or web-sourced text.

Install only if you intentionally want a tool that can draft and publish Xiaohongshu posts. Keep auto-publish disabled unless you have reviewed the generated title, body, image, destination account, and timing, and prefer a fixed version that avoids shell=True command construction and clearly declares its required permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import json
import subprocess

def publish_to_xiaohongshu(title, safe_content, images):
    # Flagged pattern: title/content text is interpolated into a shell command string and run with shell=True
    cmd = f"mcporter call 'xiaohongshu.publish_content(title: \"{title}\", content: \"{safe_content}\", images: {json.dumps(images)})'"
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=90)
        if result.stdout and ('成功' in result.stdout or 'Success' in result.stdout):
            print(f"✅ 发布成功:{result.stdout}")
            return {"status": "success", "message": result.stdout}
    except subprocess.TimeoutExpired:
        return {"status": "error", "message": "publish timed out"}
Confidence
98% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=90)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill advertises behavior that implies network access, shell execution, and file writing, but the manifest shown in SKILL.md does not declare permissions or provide transparency about those capabilities. This creates a trust and review gap: users may invoke a skill that searches the web, generates assets, and publishes content without a clear permission model or explicit disclosure of what resources it will access.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The documented trigger phrases are very broad natural-language requests and do not define strong activation boundaries or require explicit confirmation before acting. In a skill that can search, generate content, and optionally publish, ambiguous activation increases the chance of unintended execution or the agent treating casual conversation as authorization for a workflow with external side effects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README advertises automatic publishing to Xiaohongshu without a prominent warning that this is a data-affecting external action. Because publishing can create public posts, reputational harm, accidental disclosure, spam, or unwanted account activity may occur if users or downstream agents do not understand that invoking this path has real external consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description explicitly says the skill will 'automatically publish' generated content, but there is no visible warning that this may post to external accounts or make content public. In this context, the skill searches trending topics, creates content, and can auto-publish, so an unsuspecting user could trigger public posting, account modification, or reputational harm without fully informed consent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are generic and likely to match ordinary user requests such as '当天热点' (today's hot topics) or '深度创作' (in-depth creation), which increases the chance of unintended activation. In a skill that can automatically generate and publish content, accidental invocation can lead to unwanted posting or workflow execution without clear user intent.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The manifest explicitly advertises automatic publishing, but it does not present a clear user-facing warning, consent step, or safety boundary for this data-impacting action. Because the skill is intended to post to Xiaohongshu, misuse or accidental execution could publish unwanted, misleading, or reputation-damaging content to a live account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal