ClawHub

小红书全能运营助手,AI生图 + 草稿发布

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: generate images and automate Xiaohongshu draft creation, but it controls logged-in browser pages and saves images/screenshots locally.

Install/use only if you are comfortable with browser automation acting inside your Xiaohongshu and Doubao sessions. Prefer a separate OpenClaw/browser profile, review drafts before confirming publication, avoid confidential prompt or post content, and periodically clean the generated_images and temporary upload/screenshot directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The code comment says the screenshot is for previewing generated results, but it actually captures the full visible Doubao page with page.screenshot({ fullPage: false }). That can unintentionally save unrelated on-screen content from the user’s logged-in session, including previous chats, profile information, or other sensitive page data, to disk without tight scoping.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README promotes automated image generation and draft publishing for a social media account, but it does not clearly warn users about platform-policy, account-safety, or unintended content-posting risks. In a skill that automates login, content creation, and publishing workflows, missing warnings can lead users to run impactful actions without understanding the consequences to their account or brand.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The skill explicitly states it will automatically extract image URLs, download images, and save them to a local directory, but it does not clearly warn the user that local filesystem writes will occur or describe where data will be stored and retained. This can lead to unexpected disk writes, storage of untrusted remote content, and privacy or operational issues if users do not realize files are being persisted automatically.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill advertises automatic UI interaction to trigger a login QR code when the user is not logged in, but it omits a clear warning that the automation will interact with an authenticated publishing platform and may affect account state. Browser automation around login and publishing is sensitive because users may not understand that the tool is driving account-access workflows and could act under their session.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script sends the user-provided prompt to external services (MiniMax API and, in fallback flow, Doubao) but does not clearly warn the user that their input leaves the local environment. If users include confidential, personal, or proprietary text in prompts, that data may be disclosed to third parties unexpectedly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal