
Security audit

小红书图文创作 (Xiaohongshu image-and-text post creation)

Security checks across malware telemetry and agentic risk

Overview

This content-generation skill is mostly purpose-aligned, but its recommended image workflow exposes a local callback service through a public tunnel and relies on helper scripts that are not included in the package for review.

Install only if you are comfortable sending the topic, audience, title, and image prompt to external search and image services. Prefer the included Seedream path with a narrowly scoped API key. Avoid the recommended KIE/cloudflared workflow unless the missing helper scripts are supplied and reviewed, and make sure any callback tunnel has explicit authentication and shutdown controls.
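The recommendation above asks for a callback tunnel with explicit authentication and shutdown controls. The following is an added example of what such a receiver looks like; it is not code from the audited skill or from any of the services it names. It assumes the remote image service can be given a shared secret and attaches an HMAC-SHA256 of the raw request body in a header called X-Callback-Signature (an assumed name), that the tunnel makes the port reachable to anyone, and that the receiver should stop listening after the expected number of callbacks or a deadline, whichever comes first. The request logic is kept separate from the socket code so it can be checked without a network.

```python
"""Hardened local callback receiver (added example, not from the audited skill)."""
import hashlib
import hmac
import json
import threading
import time
from http.server import BaseHTTPRequestHandler, HTTPServer

SIG_HEADER = "X-Callback-Signature"   # assumed header name, not taken from the audited skill


def sign_body(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the raw request body, hex-encoded: what the sender must attach."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def _header(headers, name: str):
    """Case-insensitive lookup; works for plain dicts and http.server's Message objects."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def verify_callback(secret: bytes, headers, body: bytes) -> bool:
    """Reject anything without a valid signature; compare in constant time."""
    presented = _header(headers, SIG_HEADER)
    if not isinstance(presented, str):
        return False
    return hmac.compare_digest(sign_body(secret, body), presented.strip().lower())


class CallbackState:
    """Shutdown controls: accept at most `expected` callbacks and nothing after `ttl_seconds`."""

    def __init__(self, expected: int, ttl_seconds: float):
        self.expected = expected
        self.deadline = time.monotonic() + ttl_seconds
        self.accepted = []
        self.rejected = 0
        self.lock = threading.Lock()

    def expired(self) -> bool:
        return time.monotonic() >= self.deadline

    def done(self) -> bool:
        return len(self.accepted) >= self.expected or self.expired()


def handle_callback(secret: bytes, state: CallbackState, headers, body: bytes) -> int:
    """Request logic with no socket code; returns the HTTP status to send."""
    if state.done():
        return 410          # window closed: late, duplicate or extra deliveries are dropped
    if not verify_callback(secret, headers, body):
        with state.lock:
            state.rejected += 1
        return 401          # unauthenticated traffic arriving through the public tunnel
    try:
        payload = json.loads(body)
    except ValueError:
        return 400
    with state.lock:
        state.accepted.append(payload)
    return 200


class CallbackHandler(BaseHTTPRequestHandler):
    secret = b""
    state = None

    def do_POST(self):
        length = int(self.headers.get("Content-Length", "0") or 0)
        body = self.rfile.read(min(length, 1 << 20))      # cap what we are willing to buffer
        status = handle_callback(self.secret, self.state, self.headers, body)
        self.send_response(status)
        self.end_headers()
        if self.state.done():
            # shutdown() blocks until serve_forever() exits, so it must not run on this thread
            threading.Thread(target=self.server.shutdown, daemon=True).start()

    def log_message(self, fmt, *args):
        pass   # do not echo callback payloads or URLs to the console


def serve(secret: bytes, expected: int, ttl_seconds: float, port: int = 8787) -> CallbackState:
    """Bind to loopback only (the tunnel client is what exposes it); stop on count or deadline."""
    state = CallbackState(expected, ttl_seconds)
    CallbackHandler.secret = secret
    CallbackHandler.state = state
    server = HTTPServer(("127.0.0.1", port), CallbackHandler)
    watchdog = threading.Timer(ttl_seconds, server.shutdown)   # closes even if nothing arrives
    watchdog.daemon = True
    watchdog.start()
    server.serve_forever()          # returns once a handler or the watchdog calls shutdown()
    watchdog.cancel()
    server.server_close()
    return state


if __name__ == "__main__":
    import secrets
    key = secrets.token_bytes(32)
    print("configure the sender with this secret:", key.hex())
    result = serve(key, expected=1, ttl_seconds=300)
    print("accepted", len(result.accepted), "rejected", result.rejected)
```

Run it before starting the tunnel client, hand the printed secret to the image service out of band, and the process exits on its own after one accepted callback or five minutes. Requests that reach the port without a valid signature are counted but never parsed, which is the property the audit asks for: a public tunnel URL alone is not enough to drive the workflow.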

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers
Severity: Medium
Confidence: 83%
Finding: The trigger phrases are broad natural-language expressions for common content-creation requests, making accidental activation plausible during ordinary conversation. Misfiring this skill could cause unplanned searches, shell execution, file output, or third-party API use in a context where the user did not intend to invoke automation.

Vague Triggers
Severity: Medium
Confidence: 81%
Finding: Using “等” (Chinese for “etc.”) in the trigger list leaves the activation scope open-ended, which weakens determinism and makes it harder to reason about when the skill should run. In an agent environment with side effects, vague triggering increases the risk of unintended execution and surprise external actions.

Missing User Warnings
Severity: Medium
Confidence: 92%
Finding: The workflow sends user-provided content to network search and external image-generation infrastructure, including a cloudflared tunnel and callback flow, without a clear disclosure or consent step. This can expose sensitive topics, prompts, or generated assets to third parties and expands the attack surface beyond the local environment.

Missing User Warnings
Severity: Low
Confidence: 78%
Finding: The skill writes generated outputs into the workspace and may overwrite or create files without clearly warning the user. While the target path appears scoped to an output directory, undisclosed file creation can still surprise users, leak sensitive content into persistent storage, or interfere with existing artifacts.
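The finding above is about two separate properties: staying inside the output directory and not clobbering what is already there. The following added example (not code from the audited skill) shows how a writer can enforce both and surface existing targets before anything is written. The directory layout, file names and byte contents are constructed for the demonstration; the only real behaviour relied on is that resolving both paths catches `..` segments, absolute paths and symlinks that point elsewhere, and that `O_EXCL` makes the operating system refuse an overwrite.

```python
"""Confined, non-clobbering output writer (added example, not from the audited skill)."""
import os
import tempfile
from pathlib import Path


class OutputPathError(ValueError):
    """Raised when a requested name would land outside the scoped output directory."""


def resolve_output_path(output_dir, relative_name) -> Path:
    """Confine `relative_name` to `output_dir`. Both sides are fully resolved, so '..'
    segments, absolute paths and symlinks pointing elsewhere all fail the parent check."""
    base = Path(output_dir).resolve()
    candidate = (base / relative_name).resolve()
    if base not in candidate.parents:
        raise OutputPathError(f"refusing to write outside {base}: {relative_name!r}")
    return candidate


def existing_targets(output_dir, relative_names) -> list:
    """Pre-flight check: which planned files already exist, so the user can be warned
    before the run instead of discovering an overwritten artifact afterwards."""
    return [n for n in relative_names if resolve_output_path(output_dir, n).exists()]


def write_new_file(output_dir, relative_name, data: bytes) -> Path:
    """Create the file only if it does not exist (O_EXCL); never silently overwrite.
    Parent directories are created, but only beneath the confined base."""
    target = resolve_output_path(output_dir, relative_name)
    target.parent.mkdir(parents=True, exist_ok=True)
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def run_demo() -> dict:
    """Exercise the helpers in a throwaway workspace with constructed data; returns outcomes."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        workspace = Path(tmp)
        output_dir = workspace / "output"
        output_dir.mkdir()
        notes = workspace / "notes.md"                 # a user file outside the output dir
        notes.write_bytes(b"user notes, must survive")
        cover = b"\x89PNG\r\n\x1a\n"                   # constructed placeholder, not a real image
        written = write_new_file(output_dir, "post-1/cover.png", cover)
        out["first_write_ok"] = written.read_bytes() == cover
        try:                                           # second run must not clobber the first
            write_new_file(output_dir, "post-1/cover.png", b"second run")
            out["overwrite_blocked"] = False
        except FileExistsError:
            out["overwrite_blocked"] = True
        out["preflight"] = existing_targets(output_dir, ["post-1/cover.png", "post-1/body.md"])
        out["escapes_blocked"] = []
        for escape in ["../notes.md", str(notes), "post-1/../../notes.md"]:
            try:
                resolve_output_path(output_dir, escape)
                out["escapes_blocked"].append(False)
            except OutputPathError:
                out["escapes_blocked"].append(True)
        out["notes_intact"] = notes.read_bytes() == b"user notes, must survive"
    return out


if __name__ == "__main__":
    print(run_demo())
```

A skill that calls `existing_targets` first can show the user the exact paths it is about to touch and stop if any already exist, which turns "may overwrite or create files" into a disclosed, confirmable action. Note that `O_EXCL` refuses a file that is a symlink as well, so an attacker-placed link inside the output directory cannot redirect the write.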

VirusTotal

66/66 vendors flagged this skill as clean. A clean scan covers the packaged files only; it says nothing about the external search and image services, the tunnel, or the missing helper scripts that the workflow invokes at run time.
