Xiaohongshu CLI

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Xiaohongshu CLI helper, but it can use a live social account and browser login state to post, comment, like, favorite, or delete without strong approval safeguards.

Install only if you trust xhs-cli and intend to operate a real Xiaohongshu account from the terminal. Use a dedicated browser profile or QR login where possible, avoid pasting cookies into chat, verify the upstream package, and require an explicit approval step before any post, comment, like/favorite, undo, or delete command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium (92% confidence)
Finding
The skill includes write and destructive commands such as like, favorite, comment, delete, and post, but it does not require explicit user confirmation or a safety check immediately before executing account-changing actions. In an agent setting, this increases the risk of unintended social actions, content deletion, or posting on a live account due to misunderstanding, prompt injection, or ambiguous user intent.

Missing User Warnings

Medium (91% confidence)
Finding
The reference explicitly includes state-changing commands such as like, favorite, comment, delete, and post, but does not consistently warn that these modify the user's account or external platform state. In an agent skill context, documenting such commands without strong guardrails can lead an automated agent to perform unintended writes or destructive actions, especially because the skill is designed for shell-driven use and mixes read and write operations in one catalog.

VirusTotal

64/64 vendors flagged this skill as clean.
