Xiaohongshu Viral Copywriting Creation (红狐数据)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but its live trend fetch weakens HTTPS protection and sends user queries to an under-disclosed third-party service.

Install only if you are comfortable with your Xiaohongshu topic keywords being sent to a third-party trend service over a connection that does not verify the server identity. Avoid entering confidential campaign terms, client names, private diary text, personal identifiers, or sensitive business plans as keywords or style samples.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The code deliberately suppresses core TLS protections by omitting SNI and setting check_hostname=False and verify_mode=ssl.CERT_NONE before sending user-controlled query data to a remote service. This enables man-in-the-middle interception, spoofing, and silent response tampering, which is especially risky because the skill is only supposed to fetch trend data and has no legitimate need to bypass certificate validation.

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The script presents itself as querying Xiaohongshu hot data, but actually sends requests to onetotenvip.com, a third-party intermediary. This mismatch can mislead users about where their inputs are going and what system is processing them, increasing privacy, trust, and supply-chain risk if the intermediary logs, alters, or fabricates data.

Vague Triggers

Medium
Confidence: 86%
Finding
Broad natural-language triggers can cause the skill to activate during ordinary conversation, leading to unintended network access, scraping, or content generation without clear user intent. In a skill that fetches live external data, overbroad activation materially increases privacy, consent, and abuse risk because routine phrases may invoke hidden side effects.

Vague Triggers

Medium
Confidence: 84%
Finding
Generic trigger phrases like '小红书文案' or '小红书热门' are too ambiguous and may match benign discussion, causing accidental invocation. Because the skill context includes live data retrieval and scraping, accidental activation is more dangerous than a purely local formatting tool and can result in unexpected outbound requests and misleading autonomous behavior.

Missing User Warnings

Medium
Confidence: 82%
Finding
The description presents the tool as a simple writing assistant but omits a clear warning that it performs live scraping and network retrieval. That omission undermines informed consent and makes the skill more dangerous in context, because users may unknowingly cause data to be fetched from third-party services or have their prompts transmitted externally.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill asks users to provide personal writing samples without any privacy notice, minimization guidance, or warning not to submit sensitive material. Because the examples include personal writings, users may disclose sensitive personal information that the system then processes unnecessarily, creating avoidable privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 85%
Finding
The documentation explicitly instructs outputting author profile links, avatar/image URLs, and other creator-identifying metadata without any privacy, minimization, or handling guidance. While this is platform-originated public data, aggregating and redistributing it in generated outputs increases privacy and compliance risk, especially if users export, republish, or process the data at scale.

Missing User Warnings

Medium
Confidence: 95%
Finding
The function transmits the user-supplied keyword and optional start date to an external domain without any user-facing notice or consent flow. Even if the input seems low sensitivity, users may provide proprietary campaign terms, client names, or business strategy keywords, which can be collected or retained by the third-party service.

Ssd 3

Medium
Confidence: 97%
Finding
The workflow explicitly solicits diary entries and similar personal writing, then directs the agent to analyze and imitate that style in generated output. This creates a concrete privacy risk because highly personal text may contain sensitive information, and the imitation step can propagate private traits, distinctive phrases, or emotionally revealing content into outputs.

VirusTotal

VirusTotal findings are pending for this skill version.