Xiaohongshu Search Summarizer

Security checks across malware telemetry and agentic risk

Overview

The skill largely matches its advertised Xiaohongshu research purpose, but it needs review because it scrapes and stores third-party content locally and has an output-path containment bug.

Review before installing. Use a dedicated output directory, avoid search keywords containing slashes or '..', supervise any Xiaohongshu login challenge, delete raw outputs when finished, and treat scraped comments/images as third-party material subject to privacy, copyright, and platform rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill requires and instructs use of file read, file write, network access, and likely environment-dependent tooling, but it does not declare permissions. Hidden or undeclared capabilities reduce informed consent and make it harder for a caller or platform to enforce least privilege, especially because the workflow downloads external content and writes multiple local artifacts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documented purpose emphasizes search and synthesis, but the actual behavior also downloads remote images and produces intermediate raw-data artifacts on disk. This mismatch can mislead users and orchestrators about what data is collected and persisted, increasing the risk of unexpected storage of third-party content and comments.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The invocation language is broad enough to trigger on generic research, summarization, or social-media analysis requests, not just explicit Xiaohongshu tasks. Over-broad triggering can cause unintended browsing, scraping, and local file creation in contexts where the user did not specifically request this source or this level of data collection.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill directs the agent to save downloaded images and a synthesized report to local storage without a clear user-facing warning. Silent file creation can surprise users, consume disk space, and persist potentially sensitive or copyrighted third-party content beyond the immediate session.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill collects and downloads Xiaohongshu posts, images, and user comments without any explicit privacy or data-handling warning. Because comments and media may contain personal data or sensitive content, the absence of collection, retention, and usage disclosures creates privacy and compliance risk.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script saves scraped Xiaohongshu content, including post text, image URLs, and user comments, directly to disk in the specified output directory without any consent check, minimization, retention control, or warning about handling third-party personal data. In this skill’s context, comment text and usernames can contain personal or sensitive information, so persistent local storage increases privacy, compliance, and unintended disclosure risk if the output directory is shared or reused.

VirusTotal

66/66 vendors flagged this skill as clean.
