Xiaohongshu Writing

Security checks across malware telemetry and agentic risk

Overview

This is a text-only Xiaohongshu writing guide with no code execution or system access. It should not, however, be used to hide AI disclosure that is required.

Safe to install from a technical security perspective. Use it as a writing aid, keep posts truthful, do not invent personal experiences or product results, avoid exaggerated claims, and disclose AI assistance whenever platform rules or law require it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The skill explicitly promotes making AI-generated text appear human-written ('像人写', '去AI味检查') while elsewhere mentioning AI-generated content must be labeled. That contradiction creates a deceptive-use risk because the main workflow operationalizes concealment of AI authorship rather than compliant disclosure.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The skill contains repeated instructions for systematically removing signs of AI generation without corresponding safeguards against deceptive impersonation. In a content-generation context, this makes misuse straightforward for users seeking to pass AI-written material off as organic human writing.

Ssd 2

Severity: Medium
Confidence: 97%
Finding:
The document repeatedly provides paraphrasing and stylistic transformation rules specifically aimed at disguising AI authorship. This is dangerous because it supplies a reusable procedure for evading detection and misleading audiences about content origin across many posts, not just a single example.

Ssd 4

Severity: Medium
Confidence: 98%
Finding:
The workflow explicitly ends with a dedicated step to check for 'AI text sins' and revise them away before output. Because this is embedded as a mandatory production stage, the skill normalizes systematic concealment of AI-generated characteristics and increases the likelihood of deceptive downstream use.

VirusTotal

66/66 vendors flagged this skill as clean.