Back to skill

Security audit

小红书爆款雷达

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Xiaohongshu trend-search skill that uses a Redfox API key, creates local HTML reports, and can optionally create a calendar subscription after user choice.

Install only if you are comfortable sharing Xiaohongshu search terms and date ranges with Redfox and storing the resulting report in the local working directory. Keep REDFOX_API_KEY in environment or secret configuration, avoid screenshots/logs that expose it, and only confirm the subscription option if you want a recurring calendar reminder tied to the current search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
77% confidence
Finding
The instruction to 'just describe your needs in natural language' makes activation boundaries fuzzy, increasing the chance the search skill is invoked from ordinary conversation rather than explicit user intent. In agent environments, broad trigger phrasing can cause unintended external queries, unnecessary data access, or file generation when the user did not mean to call the tool.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The example trigger 'Show me what's trending on Xiaohongshu' is broad and closely resembles normal conversational language, so an orchestrating agent may over-match it and call the skill unintentionally. Because this skill reaches an external service and may produce leaderboard-style outputs, accidental invocation can lead to unwanted API usage, noisy behavior, and possible disclosure of generated content in the wrong context.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The README says the skill can be invoked with unrestricted natural-language requests, without a clearly scoped command format, confirmation gate, or narrow intent boundary. That makes accidental or overly frequent activation more likely in normal conversation, which can trigger external data access, report generation, or subscriptions when the user did not explicitly intend to use this tool.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The example phrase for site-wide search ('看看小红书最近热门') is broad and resembles ordinary conversational language, so a general assistant may misinterpret casual discussion as a tool-use request. Because this skill reaches an external service and can return ranked content automatically, ambiguous triggers increase the risk of unintended invocation and unnecessary data/API usage.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill advertises automatic generation of a local HTML report without clearly warning the operator that a file will be created on disk. Undisclosed file creation can surprise users, overwrite expected artifacts, or leak query contents into local storage where other processes or users may access them.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.