ClawHub

xhs-kit-publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for Xiaohongshu publishing, but it needs Review because it stores reusable account cookies and supports live, scheduled, and batch public posting without enough safety controls.

Install only if you are comfortable giving this workflow access to Xiaohongshu account sessions. Keep cookie files outside repositories, restrict file permissions, use debug-publish first, verify the exact target account and content before every live or scheduled post, and avoid unattended batch posting unless you add explicit limits and approvals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (11)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs users to store reusable account cookies in local JSON files and use them for multi-account publishing, but it does not warn that these files are effectively bearer credentials. If exposed through weak permissions, commits, backups, or logs, an attacker could hijack the associated Xiaohongshu accounts and publish or access content as the user.

Unpinned Dependencies

Low
Category
Supply Chain
Content
xhs-kit>=0.1.0
playwright>=1.40.0
pillow>=10.0.0
requests>=2.31.0
Confidence
98% confidence
Finding
xhs-kit>=0.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
xhs-kit>=0.1.0
playwright>=1.40.0
pillow>=10.0.0
requests>=2.31.0
markdown>=3.5.0
Confidence
98% confidence
Finding
playwright>=1.40.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
xhs-kit>=0.1.0
playwright>=1.40.0
pillow>=10.0.0
requests>=2.31.0
markdown>=3.5.0
pyyaml>=6.0.0
Confidence
99% confidence
Finding
pillow>=10.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
xhs-kit>=0.1.0
playwright>=1.40.0
pillow>=10.0.0
requests>=2.31.0
markdown>=3.5.0
pyyaml>=6.0.0
Confidence
99% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.40.0
pillow>=10.0.0
requests>=2.31.0
markdown>=3.5.0
pyyaml>=6.0.0
Confidence
96% confidence
Finding
markdown>=3.5.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pillow>=10.0.0
requests>=2.31.0
markdown>=3.5.0
pyyaml>=6.0.0
Confidence
99% confidence
Finding
pyyaml>=6.0.0

Known Vulnerable Dependency: pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
86% confidence
Finding
pillow

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

Known Vulnerable Dependency: markdown — 2 advisory(ies): CVE-2025-69534 (Python-Markdown has an Uncaught Exception); CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like se)

High
Category
Supply Chain
Confidence
75% confidence
Finding
markdown

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
94% confidence
Finding
pyyaml

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal