
Security audit

小红书爆款文案创作(红狐数据) (Xiaohongshu viral copywriting, RedFox Data)

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated Xiaohongshu copywriting purpose, but it needs review because it asks for personal writing samples and writes local report files without enough privacy and file-scope guardrails.

Install only if you are comfortable using a RedFox API key and sending topic queries to that service. Do not provide private diaries, client material, unpublished drafts, personal identifiers, or proprietary text as style samples; use short redacted excerpts instead. Be aware that the script creates local HTML report files, so review the output location and avoid running it in directories where accidental file creation or overwrite would matter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding: The README instructs users to invoke the skill with broad natural-language requests like “help me write...” and “find me trending...”, but it does not define clear boundaries for when the skill should activate or what data/actions are in scope. In an agent setting, this can cause over-triggering, accidental execution on ambiguous user input, and unintended use of external retrieval/generation capabilities without explicit user confirmation.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The feature allowing users to upload prior note content for style fusion lacks a visible warning about privacy, copyright, and sensitive information exposure. Users may paste unpublished drafts, client materials, personal data, or proprietary content into the tool without understanding retention, third-party processing, or reuse risks.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The skill advertises uploading prior notes for style analysis without explaining how those notes are stored, processed, retained, or whether sensitive personal/business content should be excluded. This can lead users to submit private drafts, proprietary marketing material, or personal data to an external service without informed consent or minimization.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill explicitly asks users to upload personal writing samples, including potentially sensitive material, without any privacy notice, minimization guidance, retention policy, or warning not to submit private data. This increases the risk that users disclose diaries or other personal text that may then be processed, stored, or reused in outputs without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The document explicitly states that debug mode prints raw API responses but gives no warning that those responses may contain sensitive or privacy-relevant data. In practice, users may enable debugging in shared terminals, CI logs, or support bundles, causing unintended disclosure of returned content, identifiers, or metadata.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The document instructs users to configure an API key environment variable without warning that the credential is sensitive or advising safe handling practices. This increases the chance that users will expose the key in shell history, screenshots, committed config files, or debug output, enabling unauthorized API use.

Ssd 3

Severity: Medium
Confidence: 96%
Finding: The skill encourages users to provide diaries or personal notes and then reuse their contents/style in generated output. This creates a natural-language data leakage risk: sensitive phrases, names, or private facts from the sample may be reproduced in the final content or retained in downstream artifacts, especially given the noted local report-writing behavior.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.