Xiaohongshu Mcp Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Xiaohongshu publishing purpose, but it can post to a logged-in social account through a local service without a clear required final approval step.

Install only if you trust the external xiaohongshu-mcp service and are comfortable giving it access to a logged-in Xiaohongshu account. Keep the local service stopped except when actively publishing, review the generated title/content/images first, require an explicit final confirmation before every publish, and protect or delete the cookie/session file after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 85%
Finding: The skill describes and enables network-capable behavior such as web searches and HTTP calls to a local publishing service, but it declares no permissions. This creates a transparency and policy-enforcement gap: users or hosting platforms may not realize the skill can make outbound or localhost requests, which can lead to unintended data exposure or unauthorized actions.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 92%
Finding: The skill metadata says it performs Xiaohongshu automation, but the operational detail that it connects to a local HTTP service on localhost:18060 for login checks and publishing is not clearly disclosed in the description. Hidden localhost interaction is security-sensitive because local services are often trusted, may expose privileged actions, and can be abused to trigger account actions or access local agent infrastructure without clear user awareness.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding: The file states that login cookies are stored in a temporary file and automatically loaded by the MCP service, but provides no guidance on protecting these session artifacts. Because cookies represent authenticated session state for a social-media account, local disclosure, weak file permissions, or accidental reuse could let another local process or user hijack the account session and publish or read data as that user.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal