
Security audit

Xiaohongshu (RedNote) Note Details API

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it passes the API token as a URL query parameter, which can expose the token in process listings, shell history, and URL logs.

Review before installing. Use it only if you trust JustOneAPI with your API token, the note IDs you query, and the RedNote content it returns. Avoid sharing command logs or full request URLs, prefer a least-privileged or disposable token if one is available, and rotate the token if it may have appeared in process listings, shell history, proxy logs, or error reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Low
Confidence: 93%
Finding
The skill instructs users to send a `noteId` to an external third-party service (JustOneAPI) but does not clearly warn that the identifier and the associated request metadata leave the local environment. This is a transparency and privacy issue: users may unknowingly disclose identifiers, usage patterns, and related metadata to an external processor, which matters most in agent workflows, where tool calls may run automatically without a human seeing each request.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill defines the API access token as a query parameter and then appends all query parameters to the URL before issuing the request, so the credential becomes part of the URL itself. Query-string credentials are routinely captured by client and server logs, browser history, proxies, monitoring systems, and upstream error reporting, which increases the chance of token leakage even though HTTPS protects the URL in transit.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The API itself requires the access token to be sent as a query parameter, so the caller cannot move it to a header. This is risky because query strings are commonly logged by clients, proxies, servers, browser history, and observability systems; even with TLS, placing a credential in the URL materially increases the risk of accidental exposure and token leakage.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The documentation explicitly requires an access token in the query string and describes retrieving and archiving third-party note details, but it gives no warning about privacy, data handling, retention, or consent expectations. This is risky on two counts: query-string tokens are commonly logged by clients, proxies, and servers, and the described use case encourages collecting third-party content and engagement data without clarifying the legal or privacy boundaries of doing so.
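As an added example (not code from the skill or from JustOneAPI), the following Python shows the pattern the second and third findings describe and what a caller can still do about it when the upstream API insists on a query-string token: build the URL the way the skill does, redact the credential before any URL reaches a log, error report or ticket, and run a detection pass over access-log lines to find where a token has already leaked. The endpoint, the `token` parameter name, and the sample log lines are assumptions made for this example; the page does not give the real ones.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hypothetical endpoint and parameter names: the audit page does not give the
# real ones, so these are placeholders, not JustOneAPI's actual API.
ENDPOINT = "https://api.example.invalid/rednote/note"
TOKEN_PARAM = "token"
# Query-parameter names treated as credentials when scrubbing URLs and logs.
SECRET_PARAMS = {"token", "access_token", "api_key", "apikey"}


def build_request_url(note_id: str, token: str) -> str:
    """Reproduce the flagged pattern: every parameter, token included, is
    appended to the URL, so the credential travels wherever the URL does."""
    return f"{ENDPOINT}?{urlencode({'noteId': note_id, TOKEN_PARAM: token})}"


def redact_url(url: str) -> str:
    """Return the URL with credential-bearing query values replaced, so the
    result is safe to put in a log line, an error report or a bug ticket."""
    parts = urlsplit(url)
    scrubbed = [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
                for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(scrubbed)))


# Matches "?token=VALUE" / "&api_key=VALUE" etc. inside free text; the value
# stops at the next '&', whitespace or quote so the rest of a log line survives.
_SECRET_IN_QUERY = re.compile(
    r"([?&](?:" + "|".join(sorted(SECRET_PARAMS)) + r")=)([^&\s\"']+)",
    re.IGNORECASE,
)


def scrub_log_line(line: str) -> str:
    """Scrub credential query values from a proxy/server access-log line."""
    return _SECRET_IN_QUERY.sub(r"\g<1>REDACTED", line)


def find_query_credentials(lines):
    """Detection pass over log lines: (1-based line number, scrubbed line)
    for every line that carried a credential in its query string."""
    return [(n, scrub_log_line(line))
            for n, line in enumerate(lines, 1) if _SECRET_IN_QUERY.search(line)]


def contains_token(text: str, token: str) -> bool:
    """True when the raw token value appears in text (a URL, a shell-history
    entry, a process listing, an error report): the trigger to rotate it."""
    return token in text


# Constructed sample of what a forward proxy might record while the skill runs.
SAMPLE_PROXY_LOG = [
    '10.0.0.5 - - [01/Jan/2025:12:00:00 +0000] "GET /rednote/note?noteId=64f1a2&token=sk_live_EXAMPLE HTTP/1.1" 200 1532',
    '10.0.0.5 - - [01/Jan/2025:12:00:03 +0000] "GET /healthz HTTP/1.1" 200 2',
    '10.0.0.7 - - [01/Jan/2025:12:00:09 +0000] "GET /rednote/note?token=sk_live_EXAMPLE&noteId=64f1a3 HTTP/1.1" 200 1498',
]

if __name__ == "__main__":
    url = build_request_url("64f1a2", "sk_live_EXAMPLE")
    print("raw URL (never log this):    ", url)
    print("redacted URL (safe to share):", redact_url(url))
    for n, line in find_query_credentials(SAMPLE_PROXY_LOG):
        print(f"line {n} leaked a query-string credential ->", line)
```

Two habits follow from this. Read the token from an environment variable or a file rather than typing it on the command line, since argv is visible in `ps` and lands in shell history; if you call the endpoint with curl, pass the URL on stdin via `curl -K -` with a `url = "..."` line instead of as an argument. And treat a hit from `find_query_credentials` or `contains_token` as a rotation event, not just a cleanup task, because the line has usually already been copied somewhere you cannot scrub.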

VirusTotal

0 of 64 vendors flagged this skill as malicious; all 64 reported it clean.
