Security audit

Xiaohongshu (RedNote) Note Comments API

Security checks across malware telemetry and agentic risk

Overview

This is a focused read-only Xiaohongshu comment lookup skill, but it handles the JustOneAPI token in ways that can expose the credential through command arguments and request URLs.

Review before installing. Use only if you are comfortable sending note IDs to JustOneAPI and receiving Xiaohongshu comment/profile data through that service. Treat JUST_ONE_API_TOKEN as sensitive, avoid shared or logged environments, rotate the token if exposed, and prefer a version that reads the token from secure secret handling and does not place it in URLs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill appends the API token as a query parameter, which exposes the credential in URLs. Query strings are commonly logged by proxies, servers, browser/history tooling, shell history, observability platforms, and error messages, making accidental credential disclosure more likely even when HTTPS is used.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The operation explicitly enables retrieval of comment text, authors, and timestamps for feedback analysis, which involves collection and processing of potentially personal data. In a skill context, omitting any privacy, consent, retention, or acceptable-use guidance increases the risk that downstream users will deploy it for surveillance or profiling without appropriate safeguards.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: This operation goes further by advertising sentiment analysis and community monitoring using comment text, author profiles, and interaction data, which materially raises privacy and profiling concerns. In this skill's context, the lack of warnings or restrictions makes misuse more likely because the documentation frames people-centric monitoring as a primary use case without discussing consent, legal compliance, or sensitive-data handling.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.secret_argv_exposure

Instructions pass high-value credentials through process argv.

Critical

Code: suspicious.secret_argv_exposure
Location: SKILL.md:49