Security audit

Xiaohongshu (RedNote) Share Link Resolution API

Security checks across malware telemetry and agentic risk

Overview

This focused API tool does what it says, but its access token can be exposed through command-line arguments and request URLs, so it needs review before installing.

Install only if you are comfortable sending RedNote share URLs to JustOneAPI and accepting the token-handling risk. Prefer a version that reads the token directly from an environment variable or secret store and avoids putting it in command-line arguments or URL query strings; rotate the token if you think it may have been exposed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The skill description is broad and lacks clear trigger constraints, so an agent may invoke it in situations where the user did not explicitly request external link resolution. Because the operation sends a user-supplied URL and token to a third-party service, vague invocation criteria increase the chance of unintended data disclosure or unnecessary external calls.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: This manifest explicitly defines transmission of a user-provided share URL and an access token to an external API, but provides no user-facing disclosure or consent cue. That creates a real privacy and security risk because users may not realize their content and credentials are being sent off-platform to JustOneAPI.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal