Xiaohongshu Auto-Publish (macOS)

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to publish Xiaohongshu posts for the user, but it lacks a clear final approval step before public posting.

Install only if you are comfortable letting an agent operate a logged-in Xiaohongshu session. Require the agent to stop before publishing and show the target account, image source, title, body, hashtags, and final page state; approve the final publish click yourself.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill describes capabilities to download images from the network and upload files through a browser flow, but it does not declare corresponding permissions. Undeclared network and file-write-like behaviors reduce transparency and informed consent, making it easier for a user or platform to underestimate what the skill can access or do.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill automates posting content to the user's Xiaohongshu account, which is a sensitive account action with reputational and account-security consequences. Without an explicit warning and confirmation, users may trigger real public posts unintentionally, especially because the workflow is framed as a convenience feature.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill may download images from the network and may use existing desktop images for upload, but it does not clearly warn about the privacy and data-handling implications. This can expose local files or cause copyrighted, sensitive, or unintended content to be uploaded to a public account.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The script downloads remote content and writes it directly to the user's Desktop without an explicit warning or consent flow. In a skill context, unexpected local file creation can surprise users, clutter sensitive locations, and normalize unsafe behavior, especially since the content source is remote and not validated beyond HTTP status.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The script silently creates /tmp/openclaw/uploads and copies a file into it without explicit disclosure. While low impact, undisclosed filesystem side effects are risky in agent skills because they may leave artifacts, expose data in shared temporary locations, or interact unexpectedly with other tools that monitor that path.

VirusTotal

66/66 vendors flagged this skill as clean.
