Xiaohongshu Comic Creator

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can publish to a Xiaohongshu account using stored login cookies without requiring a clear final approval step.

Install only if you are comfortable giving the agent access to Xiaohongshu session cookies and letting it post publicly on your behalf. Review the required dependency skills, keep the cookie file private, and require the agent to show the final title, body, hashtags, and image paths for an explicit yes/no approval before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the agent to publish directly to Xiaohongshu using stored login cookies, but it does not require an explicit user confirmation, disclose that an external account action will occur, or warn that account/session data will be used. In an agent setting, this can lead to unintended posting, reputational harm, or misuse of the user's authenticated session if the workflow is triggered automatically or ambiguously.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workflow directs the agent to upload images and publish a Xiaohongshu post, but it does not require explicit user confirmation or a clear warning that content will be shared to an external platform. In an agentic system, this creates a real risk of unintended public disclosure, accidental posting, or publication of sensitive/generated material without informed consent.

Missing User Warnings

Medium
Confidence: 96%
Finding
The file explicitly instructs the agent to publish posts through an external feed creation API, but it does not require clear user notification or an explicit confirmation step before performing that side effect. In an agent skill that automates content generation and publishing, this increases the risk of unintended or unauthorized posting to a live social platform, potentially causing reputational or account-impacting harm.

VirusTotal

65/65 vendors flagged this skill as clean.
