Back to skill

Security audit

小红书热点半自动化发布系统

Security checks across malware telemetry and agentic risk

Overview

This skill locally generates Xiaohongshu draft content pages and does not show hidden publishing, credential theft, exfiltration, or destructive behavior.

Install only if you want a local Xiaohongshu draft/page generator. Review generated posts before copying them to Xiaohongshu, avoid relying on broad auto-activation phrases for sensitive workflows, and clear browser LocalStorage if you do not want publish-status history left in the browser profile. Do not run publish_to_clawhub.sh unless you intentionally want to publish this skill through your ClawHub account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The README states the skill auto-activates on broad phrases like “小红书发布” and “一键发布,” which can easily appear in ordinary user conversation. In an agent environment, overly generic triggers can cause unintended invocation of automation-related behavior, increasing the chance of surprise actions or misuse of the skill outside explicit user intent.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The activation phrases are very broad and overlap with ordinary Xiaohongshu/content-generation discussions, so the skill may trigger when the user did not intend to invoke a publishing workflow. In an agent environment, overbroad activation can cause unintended behavior, unexpected content generation, or launching a workflow that handles user data without clear consent.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The skill documents storing publishing status in LocalStorage but does not mention retention, visibility, or how users can clear the stored data. While the data appears low sensitivity, persistent browser-side storage can still leak workflow history to other users of the same browser profile or surprise users who expect the page to be stateless.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.