Back to skill

Security audit

Fox Xiaohongshu Publish

Security checks across malware telemetry and agentic risk

Overview

This skill is for publishing to a real Xiaohongshu account, but it can proceed to a live public post without a clearly required final user confirmation.

Install only if you want an agent to operate your Xiaohongshu creator account. Before use, instruct it to stop before publishing, show the title, body, target account, and visibility, and wait for an explicit confirmation such as "publish now".

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases include broad natural-language requests like '写一篇小红书' and '发小红书', which can match ordinary content-generation requests rather than an explicit instruction to perform a real publish action. In a skill that drives a browser to post to a live social-media platform, this ambiguity can cause unintended external publication without clear user confirmation.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill describes a workflow that ends with clicking the live '发布' button on Xiaohongshu, but it does not clearly warn that this performs a real external publication. Without a prominent warning and confirmation boundary, users may believe they are only drafting or previewing content, leading to accidental public posting, reputational harm, or disclosure of sensitive information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.