Security audit

Xiaohongshu Creator Marketplace (Pugongying) User Published Notes API

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent API helper, but it handles the required API token in ways that can expose it through command arguments and request URLs.

Install only if you trust JustOneAPI and can use a low-privilege, easily rotated token. Avoid sharing command history, process listings, URLs, logs, screenshots, or error output from this skill, and rotate the token if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly models the authentication token as a query parameter and then appends all query parameters to the URL, causing the token to be embedded in the request URI. Query-string secrets are commonly exposed through logs, proxies, browser/history artifacts, monitoring systems, and upstream services, making accidental credential disclosure more likely even when HTTPS is used. In this skill context, the risk is real because the token is a required credential for a third-party API and there is no warning to the user that it will be transmitted this way.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation explicitly requires a `token` query parameter but provides no warning that it is a sensitive credential or guidance to avoid logging, exposing, or mishandling it. Passing authentication tokens in query strings is especially risky because they are commonly captured in logs, analytics, browser history, caches, and intermediary systems, which can lead to credential leakage and unauthorized API access.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.secret_argv_exposure

Instructions pass high-value credentials through process argv.

Critical
Code: suspicious.secret_argv_exposure
Location: SKILL.md:50