Xiaohongshu Long-Form Post - Google Chrome

Security checks across malware telemetry and agentic risk

Overview

This skill is built to publish Xiaohongshu posts, but it uses a shared logged-in Chrome session and can submit live public posts with limited guardrails.

Install only if you are comfortable letting an agent control a logged-in Chrome profile and publish to your Xiaohongshu account. Use dry-run first, prefer an isolated Chrome profile or test account, avoid sharing the profile with unrelated services, and close the debug Chrome session after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README explicitly instructs agents to run a publish-and-submit workflow against an external Xiaohongshu account, but it does not warn that this causes real-world posting or that it reuses a shared Chrome debugging port and browser profile. In an agent-execution context, missing disclosure and confirmation requirements can lead to unintended account actions, cross-skill session reuse, and accidental publication from the wrong authenticated account.

Missing User Warnings

Medium
Confidence: 95%
Finding
The documentation normalizes `--submit` in the default workflow and says 'Default `--submit` when user/task requests real post,' but it does not make sufficiently explicit that this triggers a public post to the user's Xiaohongshu account. In a skill that automates a logged-in creator session, unclear confirmation semantics can cause unintended publication, reputational harm, and irreversible disclosure of content.

Missing User Warnings

Medium
Confidence: 89%
Finding
The document gives concrete commands that will publish and submit content to external platforms, but it does not prominently warn that these actions are live, irreversible, and may post under an authenticated user account. In an agent-skill context, this increases the chance of unintended publication, especially because the shared logged-in Chrome profile is explicitly reused across Zhihu and Xiaohongshu.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script starts Chrome with a DevTools remote debugging port and a persistent user profile, creating a powerful local control channel over an authenticated browser session. Any local process able to reach 127.0.0.1:9222 can inspect pages, exfiltrate cookies or content via DevTools, and drive actions in logged-in accounts; the shared-profile context makes this more dangerous because sessions may span multiple services.

VirusTotal

66/66 vendors flagged this skill as clean.
