XHS Content Generate

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Xiaohongshu post-writing skill with disclosed public RSS fetching and no evidence of credential access, persistence, or destructive behavior.

Install only if you are comfortable with the skill fetching public 36kr RSS topics and using browser tooling for links you provide. Review the separate humanizer-zh dependency, and fact-check or edit generated posts before publishing, especially when the draft makes strong or controversial claims.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The script adds external news/RSS collection capability that is not clearly declared in the skill metadata, expanding the skill's effective scope from content generation into live data acquisition. In an agent setting, undeclared external fetching increases trust and review risk because it can pull unvetted third-party content into downstream generation, influence outputs unexpectedly, and create hidden network behavior that operators may not have approved.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases are broad enough that the skill may auto-activate for generic writing requests, causing unexpected network access or style-transfer behavior when the user did not intend to use this specific skill. In an agent ecosystem, overbroad routing can lead to privilege overreach and surprising data flows, especially when the skill can fetch external content and process user-provided links.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill workflow includes fetching external topics and accessing user-provided links, but the user-facing description does not clearly warn that network requests may occur. This weakens informed consent and can expose user-supplied URLs or trigger unexpected outbound requests in contexts where users expect local-only text generation.

VirusTotal

64/64 vendors flagged this skill as clean.
