Back to skill

Security audit

Xiaohongshu (RedNote) User Published Notes API

Security checks across malware telemetry and agentic risk

Overview

This focused API skill appears legitimate, but its token handling needs care because the token is passed in command arguments and sent in the request URL.

Install only if you trust JustOneAPI with your API token and the Xiaohongshu user IDs you submit. Keep JUST_ONE_API_TOKEN out of chat, screenshots, shell history, shared logs, and monitoring systems; rotate the token if a full command line or request URL may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill defines the API access token as a query parameter and later appends all query parameters directly into the URL. Tokens in URLs are commonly exposed through logs, browser/history tooling, proxy infrastructure, monitoring systems, and error messages, making inadvertent credential disclosure more likely even when HTTPS is used.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The API requires a sensitive access token as a query parameter, but the manifest provides no user-facing warning about credential handling, privacy implications, or logging exposure. Query parameters are commonly recorded in logs, proxies, browser histories, and telemetry, increasing the chance of inadvertent token disclosure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents an API that retrieves a user's published notes for account monitoring and requires an access token, but it provides no warning about handling privacy-sensitive user data or protecting the token in transit, logs, and downstream storage. This omission can lead integrators to expose tokens in URLs, logs, analytics, or client-side code and to process user-content data without appropriate privacy controls.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.secret_argv_exposure

Instructions pass high-value credentials through process argv.

Critical
Code
suspicious.secret_argv_exposure
Location
SKILL.md:47