ClawHub

WeChat to Xiaohongshu

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can publish live Xiaohongshu posts from logged-in accounts without a required final confirmation step.

Install only if you are comfortable giving the agent browser-control access to logged-in WeChat and Xiaohongshu creator accounts. Prefer asking it to import to draft first, then manually verify the target account, article, formatting, cover, hashtags, and visibility before approving publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly automates the final publication step to Xiaohongshu and even states the result is 'published' without requiring an explicit user confirmation immediately before clicking the final publish button. In an agentic/browser-automation context, this can cause unintended public posting of content, reputational harm, accidental disclosure, or posting to the wrong account if the browser session is not what the user expected.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide states the system will automatically complete the full flow and click publish, but it does not require an explicit confirmation step immediately before the irreversible posting action. In a browser-automation skill operating on already-authenticated accounts, this can cause unintended public posting, reputational harm, or accidental publication of the wrong article or tags.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow table presents publishing as the default final automated step and emphasizes speed/automation without prominently warning that this will post to a live Xiaohongshu account. Because the prerequisites require active login sessions, the skill has direct authority to perform account-side actions, increasing the risk of accidental or unauthorized-looking publication.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal