xiaohongshu-mcp-skill

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for Xiaohongshu automation, but it gives a local background service broad control of a live account without enough safety scoping.

Install only if you trust the upstream xiaohongshu-mcp project and are comfortable giving a local service control of your Xiaohongshu account. Verify downloaded binaries, protect cookies.json with restrictive permissions outside shared or committed directories, keep tool auto-approval off, require manual confirmation before publishing/commenting/liking/favoriting/resetting cookies, and stop the background service when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Medium
Confidence: 92%
Finding: The skill advertises state-changing operations such as publishing content, commenting, liking, favoriting, and deleting cookies, but does not prominently warn that these actions modify a real Xiaohongshu account. In an agent setting, missing guardrails around destructive or externally visible actions increases the risk of unintended account activity, spam, loss of session state, or user harm through accidental execution.

Missing User Warnings

Medium
Confidence: 91%
Finding: The guide explicitly states that authentication cookies are stored locally in cookies.json and can be reused, but it gives no warning that this file is equivalent to a live session token. If the file is left with broad filesystem permissions, committed accidentally, or read by another local process, an attacker may hijack the Xiaohongshu account without needing credentials.

Missing User Warnings

Medium
Confidence: 93%
Finding: The guide documents state-changing operations such as publishing content, commenting, liking, and favoriting without explicitly warning that these actions will modify the user's Xiaohongshu account and may create irreversible public activity. In an agent context, omission of these warnings increases the chance of unintended account actions, spam-like behavior, or reputational harm because the capability is framed as a normal workflow rather than a sensitive operation requiring confirmation.

Missing User Warnings

Medium
Confidence: 88%
Finding: Allowing image publication from HTTP/HTTPS URLs without any warning can cause the local MCP service or related components to fetch remote content, exposing the user's IP/network metadata and potentially transmitting sensitive media to third-party hosts. If URL fetching is supported server-side, this also expands the attack surface to untrusted remote resources and can enable privacy leaks or unsafe network access patterns.

Session Persistence

Medium
Category: Rogue Agent
Content:

2. **Start the service if it is not running**
   ```bash
   cd /Users/handi7/Documents/agentic-coding-projects/projects/xiaohongshu-mcp
   nohup ./bin/xiaohongshu-mcp-darwin-arm64 > mcp.log 2>&1 &
   ```

## Available Tools

Confidence: 70%
Finding: nohup

VirusTotal

66/66 vendors flagged this skill as clean.