Xiaohongshu Post Crawler (小红书作品爬取)

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate Xiaohongshu crawler, but it should be reviewed because it uses a third-party API key, sends search terms to RedFox, and generates local active HTML reports with limited scoping safeguards.

Install only if you are comfortable sending Xiaohongshu search terms and your RedFox API key to redfox.hk. Avoid using sensitive business or personal search terms, keep REDFOX_API_KEY out of committed files and logs, and treat generated CSV/HTML reports as potentially sensitive shared files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes external Python scripts, reads environment variables for an API key, performs network access, and writes local files, yet it declares no permissions or trust boundaries. This creates a mismatch between documented behavior and runtime capability, reducing transparency and making it easier for users or host systems to approve execution without understanding the data-access and file-write risks.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The README says users can 'simply describe what you want to search for in natural language' and includes broad trigger phrases for common Xiaohongshu-related requests. This can cause the skill to activate on ordinary conversation about trending posts or content research, increasing the chance of unintended data collection, export actions, or use of the configured API key without clear user intent.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document instructs users to place a long-lived API key in configuration or shell environment and later writes crawl results to local temporary and download paths, but it does not warn about secret handling, file permissions, or exposure of scraped data. This can lead to accidental credential leakage, insecure storage, or unintended disclosure of generated reports on shared systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script transmits user-supplied search keywords and the configured API credential to an external service without any explicit disclosure, consent checkpoint, or data-handling notice. Even if required for functionality, this creates privacy and trust risk because user queries may contain sensitive business terms or personal data and are sent off-platform to a third party.

VirusTotal

VirusTotal findings are pending for this skill version.
