ClawHub
Back to skill

Security audit

Xiaohongshu (RedNote) Comment Replies API

Security checks across malware telemetry and agentic risk

Overview

This is a narrow API helper, but it handles the user’s API token in ways that can expose it outside the intended request.

Install only if you are comfortable using a JustOneAPI token with this helper and sending Xiaohongshu note/comment identifiers to JustOneAPI. Prefer a version that reads JUST_ONE_API_TOKEN directly from the environment and avoids putting credentials in URLs; rotate the token if it may have appeared in logs, process listings, or proxy records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill defines the API access token as a query parameter and then appends all query parameters directly into the request URL. Query-string credentials are commonly exposed through logs, browser/history tooling, proxies, monitoring systems, and error reports, making accidental credential disclosure more likely than if the token were sent in an Authorization header.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This manifest sends an access token plus user-supplied note and comment identifiers to a third-party external API, but it provides no user-facing disclosure about what data is transmitted, how it is stored, or who operates the service. That creates a real privacy and security risk because sensitive credentials and user-selected resource identifiers may be exposed to an external processor without informed consent or clear handling guarantees.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.secret_argv_exposure

Instructions pass high-value credentials through process argv.

Critical
Code
suspicious.secret_argv_exposure
Location
SKILL.md:43