Xiaohongshu Hot Daily

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed public-page trend fetcher, with a data-quality caveat around simulated fallback results.

Install only if you are comfortable with agent-browser/Chromium opening a public webpage. Run it manually first, watch stderr for the simulated-data message, and avoid relying on exported reports for business decisions unless you confirm the scrape was live or add a provenance field.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 86% confidence
Finding: The skill advertises executable usage patterns that invoke local shell commands and write output files, but it declares no permissions. This creates a transparency and trust problem: users or platforms may not realize the skill can execute commands and persist data, which increases the chance of unintended command execution, filesystem modification, or abuse if the implementation is changed or extended.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: The documentation materially misrepresents behavior by claiming 'real data' and scheduled-task support while also relying on undisclosed simulated fallback data and lacking actual scheduling implementation. This is dangerous because users may make operational or business decisions based on fabricated data they believe is live, and may grant trust or automation privileges under false assumptions.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: When live retrieval fails, the skill silently returns fabricated mock entries while continuing to present the output as a normal hot-list report. In this skill context, which explicitly advertises 'real data,' that can mislead downstream automation, reporting, or business decisions and creates a data integrity vulnerability.

Intent-Code Divergence

Low

Confidence: 93% confidence
Finding: Although the helper comments label the fallback as simulated data, the main output flow does not preserve that distinction and prints/saves it as if it were authentic hot-list content. This weakens output trustworthiness and can cause users or other tools to mistake synthetic data for real observations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal