Xiaohongshu Viral Note Search (小红书爆款笔记查询)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Xiaohongshu trend-search tool that uses a Redfox API key, creates local reports, and optionally creates calendar subscriptions after user choice.

Install only if you are comfortable giving the skill a Redfox API key and sending your Xiaohongshu search keywords to the Redfox API. Expect each search to create a local HTML report, and only choose the subscription option if you want a persistent calendar reminder containing the keyword and time range.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 90%
Finding
The metadata frames the skill as a search and ranking tool, but the body also instructs creation of calendar subscriptions and scheduled push tasks. That mismatch can cause reviewers and users to underestimate the skill's operational scope, especially because scheduled actions persist beyond the immediate search interaction.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill requires use of calendar_create to establish recurring scheduled tasks, which is a materially different capability from searching hot notes. Persistent calendar/task creation can modify a user's environment and create repeated future actions, so bundling it into a search tool expands authority beyond user expectations.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill automatically generates a local HTML report file but does not prominently disclose that local file creation occurs. Silent file writes can surprise users, leak searched topics into local storage, and create persistence in environments where file outputs are sensitive or monitored.

Missing User Warnings

Medium
Confidence: 93%
Finding
The subscription flow instructs recurring scheduled pushes via calendar_create without a clear privacy and data-handling notice. Because the created event stores search parameters and triggers future actions, users need to understand what will be recorded, how often it runs, and the retention implications before consenting.

Missing User Warnings

Medium
Confidence: 90%
Finding
The documentation advertises a debug mode that prints raw API responses without warning that responses may contain sensitive fields, internal metadata, or token-adjacent error details. In an agent or shared logging environment, raw debug output can be captured in logs, terminals, or downstream telemetry and unintentionally disclose information beyond the intended result set.

Missing User Warnings

Medium
Confidence: 93%
Finding
The file instructs users to configure an API key environment variable but gives no guidance on treating the credential as secret, avoiding hardcoding, preventing accidental logging, or rotating/revoking exposed keys. In practice, this omission increases the chance that operators place the key in scripts, screenshots, CI logs, or other insecure locations, leading to credential compromise and abuse of the external API.

VirusTotal

65/65 vendors flagged this skill as clean.
