Security audit

Xiaohongshu Auto-Layout and Publishing: One-Click Install

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says: set up a Xiaohongshu publishing workflow that stores local profile/session data and requires confirmation before posting.

Install only if you are comfortable with a local Xiaohongshu login session and account profile data being saved under ~/.openclaw/workspace-xiaohongshu-publisher. Protect that directory, review content before confirming publish, and delete .session/state.json and .env when you no longer want the skill to retain login/profile state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly collects user account/profile information and persists it to a local .env file, but it does not clearly warn the user that this data will be stored on disk and reused later. Even if the fields are not highly sensitive secrets, they are still personal/business profile data and persistent storage increases exposure through backup systems, local compromise, or accidental sharing of the workspace.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script saves Playwright storage state to ~/.openclaw/workspace-xiaohongshu-publisher/.session/state.json, which typically contains authentication cookies and other session material for the Xiaohongshu account. Storing this on disk without warning, permission controls, or encryption increases the risk of local credential theft by other users, malware, backups, or accidental disclosure from the workspace.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The script writes publication metadata such as title, timestamp, final URL, and tags to a local JSON file in the workspace without prior disclosure. While this is less sensitive than session credentials, it can still leak user activity, content strategy, or unpublished/traceable business information if the workspace is shared, synced, or later exposed.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to persist session-derived content and user-related preferences into memory files, but provides no notice, consent, retention limits, or guidance on handling sensitive information. In this publishing workflow, drafts, account positioning, audience details, and performance patterns may contain proprietary or personal data, so silent long-term storage creates a real privacy and data-governance risk.

Session Persistence

Medium
Category
Rogue Agent
Content
Write the account information to the config:
```bash
mkdir -p ~/.openclaw/workspace-xiaohongshu-publisher
cat > ~/.openclaw/workspace-xiaohongshu-publisher/.env << 'EOF'
XHS_ACCOUNT_NAME=用户输入的账号名
XHS_POSITIONING=用户输入的账号定位
Confidence
92% confidence
Finding
mkdir -p ~/.openclaw/workspace-xiaohongshu-publisher cat > ~/.openclaw/workspace-xiaohongshu-publisher/.env << 'EOF' XHS_ACCOUNT_NAME=用户输入的账号名 XHS_POSITIONING=用户输入的账号定位 XHS_TARGET_AUDIENCE=用户输入的目标受众 X

Session Persistence

Medium
Category
Rogue Agent
Content
3. Fill the information collected in Step 2 into the USER.md of both Agents
4. Create the session directory:
   ```bash
   mkdir -p ~/.openclaw/workspace-xiaohongshu-publisher/.session
   ```
5. Print progress:
   ```
Confidence
90% confidence
Finding
mkdir -p ~/.openclaw/workspace-xiaohongshu-publisher/.session ``` 5. Print progress: ``` [1/2] lingge(灵格 - 小红书排版设计师)→ 已部署 [2/2] xinglan(星阑 - 小红书运营发布师)→ 已部署 ``` ## Step 4: Register the Agent ```bash opencl

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/setup.cjs:25