小红书自动排版发布---一键发布
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed Xiaohongshu publishing workflow, but it depends on an external browser automation script and saved login session that are not included in this reviewed package.
Review before installing. Treat publish actions as real public posts from your Xiaohongshu account. Only use this workflow if you can inspect and trust the referenced xhs_publish.cjs helper, know which account it will control, and understand where its saved login session is stored and how to remove it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.