Xiaohongshu Data Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a user-invoked Xiaohongshu analytics demo skill with no destructive or hidden behavior, but its outputs are sample data and credentials should be handled carefully.

Install only if you understand this is a demo scaffold. Do not rely on its reports for real business decisions until a trusted live data source is implemented and clearly labeled. If you add API keys or cookies, keep them out of shared files, prefer least-privilege credentials, and avoid using proxies to bypass platform limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill instructs users to place secrets in environment variables and describes running scripts that perform network access and write output files, yet it declares no permissions. This creates a trust and transparency gap: an agent or user may invoke a skill with capabilities that were not explicitly disclosed, increasing the risk of unintended secret exposure, network exfiltration, or filesystem modifications.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding: The script claims to perform trend analysis for Xiaohongshu notes, but the implementation always returns hardcoded sample data instead of real collection or analysis. This is dangerous because downstream users or agents may treat fabricated analytics as genuine business intelligence, leading to incorrect decisions and concealment of tool malfunction.

Intent-Code Divergence

Medium
Confidence: 98%
Finding: The code suggests sample data is only returned when credentials are missing, but in reality it returns sample data even when API credentials or cookies are present. This mismatch can mislead operators into believing authenticated collection occurred, masking broken integrations and causing false trust in the reported results.

VirusTotal

64/64 vendors flagged this skill as clean.
