Xiaohongshu Image-and-Text Generator

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Xiaohongshu-style content generator that writes expected output files and uses browser rendering, with some setup and scoping cautions but no evidence of deception or malicious behavior.

Install only if you are comfortable with a local generator that can create and overwrite files in its configured output directory and may use browser access to gather trend context. Use a dedicated workspace, keep topic and outputDir values simple, and review generated HTML/images before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs fetching hot-topic data from third-party platforms such as Maimai (脉脉), Weibo (微博), and Zhihu (知乎), but it does not disclose that this requires network access or warn that prompts, identifiers, or contextual data could be transmitted externally. In a tool-enabled agent environment with browser access, this can lead to unintended outbound data exposure and user surprise, especially if the agent includes user-provided topics or surrounding context in requests.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill declares shell and filesystem tools and later provides command-line execution examples, but it does not clearly warn that local commands may be executed and files/directories will be created or modified. In an agent setting, this increases the risk of unexpected local side effects such as writing output into arbitrary paths or running commands without informed user consent.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "OpenClaw",
  "license": "MIT",
  "dependencies": {
    "puppeteer": "^21.0.0"
  },
  "peerDependencies": {
    "html-pages-to-images": "file:../html-pages-to-images"
Confidence
88% confidence
Finding
"puppeteer": "^21.0.0"

VirusTotal

66/66 vendors flagged this skill as clean.
