Kay Xhs

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it deserves review because it automates a logged-in Xiaohongshu account, collects third-party post data, and keeps persistent work records without clear limits.

Install only if you are comfortable letting the skill operate a logged-in Xiaohongshu creator account. Use a dedicated browser profile, confirm the target account and exact files before upload, avoid collecting unnecessary third-party comments or identifiers, and disable or tightly limit the memory/archive step unless you explicitly want persistent records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
This section instructs automated collection of third-party Xiaohongshu content, metadata, and comments through browser automation and in-page JavaScript extraction, but it does not clearly warn users up front about the privacy, compliance, and terms-of-service implications. In context, the skill is specifically designed to scrape other users' posts at scale, which makes omission of disclosure materially risky rather than merely incomplete documentation.

Missing User Warnings

Medium
Confidence: 96%
Finding
The workflow performs account-state-changing actions such as opening the creator console, uploading local files, filling fields, and saving drafts, yet it lacks a strong upfront warning that these actions modify the user's Xiaohongshu account and transfer local files into the browser session. Because the skill promotes automation, a user could trigger unintended uploads or account changes without appreciating the consequences.

VirusTotal

65/65 vendors flagged this skill as clean.