Xiaohongshu Search Summary (小红书搜索摘要)

Security checks across malware telemetry and agentic risk

Overview

This skill transparently scrapes Xiaohongshu search results, saves the collected text/images/comments locally, and asks the agent to produce a report from them.

Install only if you are comfortable running browser automation against Xiaohongshu, possibly logging in manually, and storing scraped post text, comments, images, raw JSON, and reports locally. Use a dedicated output folder, avoid sensitive directories, review files before sharing, and make sure your use complies with Xiaohongshu terms and applicable privacy rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill uses file read/write, network access, and likely environment-dependent execution via external tools, but does not declare permissions or otherwise clearly scope these capabilities. This weakens user consent and policy enforcement because an agent may invoke a skill that can write files, access the network, and run tooling without those effects being explicitly surfaced.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The declared description emphasizes search and synthesis, but the skill also downloads images to local storage and only guarantees generation of raw extracted data before requiring the agent to perform a separate synthesis step. This mismatch can cause users or supervising systems to underestimate data collection, persistence, and local side effects, increasing the risk of unintended scraping and storage of third-party content.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to download images and save outputs locally without an explicit user-facing warning that it will modify the filesystem. Silent writes create consent and data-handling risks, especially when scraping third-party content at scale and storing potentially sensitive or copyrighted material on disk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Directing the agent to save a synthesized report via file-writing capabilities without explicit notice or confirmation means the skill can alter the local filesystem as part of normal execution. In agent environments, unannounced file creation is dangerous because it may overwrite existing files, persist scraped data unexpectedly, or violate user expectations around non-destructive analysis.

VirusTotal

67/67 vendors flagged this skill as clean.