Xiaohongshu First Line

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Xiaohongshu icebreaker assistant, but it should be reviewed because it uses a logged-in browser to collect, screenshot, and profile real people with weak consent and safety boundaries.

Install only if you are comfortable with an agent using your logged-in Xiaohongshu session to browse public profiles, capture screenshots, and generate outreach advice about real people. Keep use limited to explicit Xiaohongshu requests and public, user-selected targets; avoid private accounts, sensitive personal inferences, bulk discovery, or unwanted repeated contact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill explicitly instructs sending full-page Xiaohongshu screenshots containing third-party creators' photos, post covers, usernames, and profile content to the requesting user. This materially expands data exposure from summarizing public content for a narrow task into redistributing visual profile data, which increases privacy risk, facilitates profiling of non-consenting individuals, and enables browsing of third-party content through the agent.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill instructs the agent to infer personality type, communication style, values, and 'approachability' from a stranger's posts. This is sensitive social profiling of third parties that goes beyond extracting shared interests for drafting an opener, and it can produce manipulative or inaccurate inferences about willingness to engage.

Vague Triggers

Medium
Confidence: 78%
Finding
The trigger list is very broad, including generic social and conversation terms, which raises the chance the skill activates in contexts where the user did not intend third-party browsing or profiling. Unintended invocation is especially risky here because the skill is configured to browse a logged-in social platform and collect profile data automatically.

Missing User Warnings

Medium
Confidence: 94%
Finding
The instructions emphasize using a logged-in browser and capturing screenshots, but they omit any user-facing warning or consent step that third-party social content and images will be accessed and potentially relayed back. This lack of transparency increases the risk of privacy-invasive browsing and unexpected disclosure of platform content through the agent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The template explicitly instructs the agent to summarize scraped profile data and derive interests, style, and engagement signals from a third party's public content without any privacy notice, consent boundary, or minimization rule. In this skill's context—helping users analyze a real person's profile to craft outreach—this can normalize profiling of individuals and increase the risk of privacy-invasive or manipulative contact, even if the source content is public.

VirusTotal

65/65 vendors flagged this skill as clean.