ClawHub

XHS_Content productionandpublishing

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it advertises, but it can publish live posts to a Xiaohongshu account without a final confirmation step.

Install only if you are comfortable letting the skill control a logged-in Xiaohongshu creator browser session and publish posts on that account. Review the generated title, body, and images before running it, use a dedicated browser profile, protect or delete saved login profiles when done, and periodically clear screenshots or debug HTML that may contain account or draft-post information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill is designed to publish content on the user's behalf and supports persistent browser profiles containing login state, yet the documentation does not present a clear warning about account actions, unintended posting, or privacy risks from stored session data. In context, this is more dangerous because the core function is account automation against a live social platform, so misuse or misunderstanding can directly cause unauthorized posts, account exposure, or leakage of authenticated browser data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script unconditionally clicks the final "发布" button once prior steps succeed, with no explicit confirmation prompt, dry-run mode, or last-minute summary for the operator. In an automation skill whose purpose is to post content to a live social media account, this creates a real risk of unintended publication of incorrect, sensitive, or policy-violating content if earlier inputs or page detection are wrong.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal