
Security audit

Xiaohongshu Creator Marketplace (Pugongying) API

Security checks across malware telemetry and agentic risk

Overview

This is a read-only JustOneAPI wrapper for Xiaohongshu creator analytics, with real token-handling cautions but no evidence of hidden or unrelated behavior.

Install only if you trust JustOneAPI with your Xiaohongshu creator analytics requests. Use a scoped or revocable token where possible, avoid sharing logs or error output, and remember that this skill sends the token in the request URL, which can be visible to infrastructure logs even over HTTPS.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The metadata and top-level description materially understate the skill's capabilities. A user or downstream agent expecting only profile, summary, and follower-growth access could unknowingly invoke broader search, note-detail, pricing, audience, and benchmarking endpoints, weakening informed consent and increasing the chance of over-privileged or privacy-invasive use.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to include backend error payloads and exact operation IDs when failures occur, but it provides no warning or guardrail that such payloads may contain sensitive implementation details, request metadata, or echoed parameters. In a tool-using agent context, surfacing raw backend errors to end users can leak information that aids reconnaissance or accidentally expose sensitive data.

Missing User Warnings

Medium
Confidence: 97%
Finding
This CLI explicitly models the authentication token as a query parameter and appends all query parameters to the request URL, causing the token to be transmitted in the URL rather than in an authorization header. URL-based secrets are commonly exposed through logs, proxies, browser/history equivalents, monitoring systems, crash reports, and upstream server access logs, making accidental credential disclosure materially more likely even when HTTPS is used.

Missing User Warnings

Medium
Confidence: 98%
Finding
This is a real security weakness because the API requires the authentication token to be passed in the URL query string. Query parameters are commonly exposed in logs, browser history, proxy records, analytics systems, and error traces, which increases the chance of credential leakage even when HTTPS is used. In this skill, the token appears on many operations, so the exposure pattern is systemic rather than isolated.

Missing User Warnings

Medium
Confidence: 87%
Finding
The documentation shows repeated use of authentication tokens in query parameters for endpoints that expose creator profiles, audience demographics, pricing, and content analytics, but it provides no privacy or handling warnings. Query-string tokens are commonly logged by clients, proxies, and servers, so documenting this pattern without caution increases the risk of credential leakage and unauthorized access to sensitive marketplace data.

VirusTotal

66/66 vendors flagged this skill as clean.
