Security audit

Xiaohongshu Image-and-Text Auto-Publishing Engine Pro (小红书图文自动发布引擎 Pro)

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Xiaohongshu auto-publisher, but it gives the agent scheduled posting and browser automation authority without enough approval and cleanup controls.

Review carefully before installing. Use draft-only behavior unless you explicitly want scheduled publishing, confirm the active Xiaohongshu account, manually approve each post, and make sure you can find and delete any local schedule files or cron jobs it creates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding:
The trigger phrases are broad, common user utterances such as '帮我写小红书' and '运营小红书', which can overlap with ordinary requests and cause the skill to auto-load without clear user intent for automation. In this skill, accidental activation is more dangerous because it enables web automation, scheduling, and local state writes, increasing the chance of unintended posting workflows or data handling.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill advertises automatic drafting, scheduled publishing, analytics collection, and persistent local schedule storage, but provides only limited safety guidance despite performing actions that can affect third-party accounts and user data. In context, this is more dangerous because it uses browser automation against a live platform and cron-based autonomous execution, creating risks of unauthorized posting, account sanctions, privacy issues, and unintended persistence without strong consent and review controls.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.