Back to skill

Security audit

Xiaohongshu Keyword Batch Autocomplete

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it needs review because it presents itself as a real Xiaohongshu keyword collector while generating mock data and suggesting future cookie/token-based integration without enough safeguards.

Install only if you understand this is currently a mock/demo keyword generator, not a verified Xiaohongshu data collector. Do not paste browser cookies, tokens, or session headers into it, and do not rely on its reports for business decisions unless the publisher clearly labels synthetic output or implements an authorized, documented data source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation advertises file input/output and implied network collection behavior, but it declares no permissions. Missing permission declarations can cause users or hosts to invoke a skill without understanding that it may read local files, write exports, or access external services, which weakens trust and security review. In this context the risk is moderate because the actions are aligned with the stated utility, but they still require explicit disclosure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill claims Xiaohongshu autocomplete collection and SEO mining, but the documentation later admits the current version uses mock data instead of real platform data. This mismatch is dangerous because users may make operational or business decisions based on fabricated results, and a future hidden implementation change to real scraping, cookies, or tokens could occur without a clear change in declared behavior. The issue is primarily integrity and transparency related rather than direct code-execution risk.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The report claims to contain collected Xiaohongshu autocomplete suggestions, but the entries follow a uniform templated pattern across all keywords with identical suffixes and descending heat values. In a keyword-research/SEO skill, fabricated or synthetic output is dangerous because users may rely on it for business decisions, content planning, or downstream automation under the false belief that it reflects real platform data.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README instructs users to integrate a real external API and mentions possible use of cookies or tokens, but it does not warn about the security risks of handling authentication material or transmitting user-supplied data to third-party services. This can lead developers to hardcode credentials, reuse personal session cookies, or send sensitive input off-host without adequate disclosure or safeguards.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The real-API guidance suggests configuring cookies or authentication tokens but does not warn about the sensitivity of those secrets, secure storage, or the privacy implications of scraping a third-party service. This is dangerous because users may paste active session credentials into code or logs, leading to account compromise or unauthorized access. The surrounding context increases risk because the document explicitly invites future token-based integration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.