Security audit

Xiaohongshu Creator Marketplace (Pugongying) Cost Effectiveness Analysis API

Security checks across malware telemetry and agentic risk

Overview

The skill appears to call only the advertised JustOneAPI endpoint, but it handles the API token in leak-prone ways.

Review before installing. Use only a scoped, rotatable JustOneAPI token, avoid running it on shared machines or in environments that log command lines or full request URLs, and prefer a patched version that reads the token directly from the environment and uses header-based authentication if the upstream API supports it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill requires an authentication token to be placed in the URL query string, which is commonly logged by client tooling, proxies, browser history, server access logs, and monitoring systems. Even though the base URL uses HTTPS, query-parameter secrets are still exposed to many intermediaries and local logs, making accidental credential leakage a realistic risk.

Missing User Warnings

Medium
Confidence: 85%
Finding
The manifest requires a user authentication token as a query parameter but provides no warning about secure handling, storage, or transmission. Passing credentials in query strings can expose them through logs, browser history, analytics, intermediary systems, and referrer leakage, increasing the risk of credential compromise.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.secret_argv_exposure

Instructions pass high-value credentials through process argv.

Critical
Code: suspicious.secret_argv_exposure
Location: SKILL.md:42