小红书爆款文案生成器

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Xiaohongshu copywriting skill with no code, credentials, file access, or persistence.

Safe to install for Xiaohongshu copywriting use. Review generated marketing claims for accuracy and platform compliance, and be explicit about platform and language when asking for generic social-media content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger scope is overly broad because it includes generic requests for 'social media viral content,' which can cause this Xiaohongshu-specific skill to activate for unrelated social media tasks. That increases the chance of incorrect routing, unexpected behavior, and content being generated in the wrong platform style or language, which is a real security/quality boundary issue in agent skill selection.

Natural-Language Policy Violations

Medium

Confidence: 84% confidence
Finding: The skill is effectively hard-wired to Chinese-language Xiaohongshu-style output without clearly checking whether the user wants Chinese output or that specific locale/platform format. This can lead to unintended language switching or culturally/platform-inappropriate responses, especially when broad triggers cause the skill to activate outside its intended context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal