Xiaohongshu Image Auto

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent social-media automation tool, but it can publish publicly and make originality declarations on the user’s accounts without a clearly required final confirmation step.

Install only if you intentionally want an agent to operate logged-in social media accounts. Before using it, require dry-run/review first, confirm every target platform and account before posting, and do not let it declare content as original unless you have personally verified that claim.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly automates a live publish flow on the user's Xiaohongshu account, including final submission, without a prominent warning or explicit confirmation gate before the irreversible publish action. In agentic contexts, this is dangerous because a user may invoke the skill for drafting assistance but unintentionally trigger account actions that create public posts and reputational or policy risk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill automatically checks and submits an original-content declaration without warning the user that this is a compliance-sensitive attestation made in their name. This is risky because the declaration may be false for AI-generated or adapted content, exposing the user to platform enforcement, account penalties, or misrepresentation concerns.

VirusTotal

66/66 vendors flagged this skill as clean.
