Xiaohongshu Post

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it gives the agent broad access to Desktop files and a logged-in browser account to publish public posts without a required final confirmation.

Install only if you are comfortable letting the agent use your logged-in Xiaohongshu browser session and access Desktop image files. Provide exact file paths, review the copied/uploaded images and final post content, and require explicit approval before anything is published.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 82% confidence
Finding
The invocation description is broad enough to trigger on generic requests about posting or uploading to Xiaohongshu, which can cause the skill to activate in situations where the user did not explicitly consent to a full posting workflow. In this skill, that broad matching is more dangerous because the workflow includes local file discovery/copying and an external publish action, increasing the chance of unintended sensitive actions.

Missing User Warnings

High, 97% confidence
Finding
The skill instructs the agent to scan the user's Desktop, identify images, and copy files into another directory for upload, but it does not require an explicit warning or informed consent for local file enumeration and duplication. This is dangerous because Desktop contents often contain sensitive personal files, and the cross-permission copy step can exfiltrate user data into a browser-uploadable location without a sufficiently specific authorization boundary.

Missing User Warnings

Medium, 95% confidence
Finding
The skill performs an external side effect—publishing content to Xiaohongshu—without requiring an explicit final confirmation immediately before the post is submitted. This is risky because accidental or manipulated execution could publish unwanted content to a real user account, causing reputational harm and unintended disclosure.

VirusTotal

62/62 vendors flagged this skill as clean.
