Xiaohongshu Video Downloader (小红书视频下载器)

Security checks across malware telemetry and agentic risk

Overview

The skill largely does what it says, but it uses the user's logged-in browser cookies by default, which is sensitive enough to require careful review before installation.

Review this before installing if you are not comfortable with a skill using your logged-in browser session for Xiaohongshu downloads. Prefer running with `--browser none` when possible, or use a dedicated browser profile for Xiaohongshu. Expect downloaded videos, audio, transcripts, metadata, and summaries to be saved locally in the output folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • YARA Signatures: Malware Match, Webshell Match, Cryptominer Match
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to perform shell execution plus file reads and writes, but it declares no permissions or trust boundaries. This is dangerous because users and the platform cannot clearly see that the skill can invoke local commands, read local files such as transcripts/templates, and write outputs into the filesystem, which increases the chance of unintended or unauthorized local access.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill extracts authenticated browser cookies and passes them to yt-dlp, granting access to the user's logged-in Xiaohongshu session. This is sensitive credential material and exceeds what many users would infer from a simple 'download video' capability, making unauthorized account-scoped access or privacy exposure possible if misused or if downstream tools log or mishandle the cookies.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes automatic browser cookie extraction for authenticated downloads, but does not clearly warn that browser cookies are sensitive credentials that can grant account access if mishandled. In the context of a Claude skill, this increases risk because the skill may normalize accessing local browser session data and encourage users to run it with privileged access to their authenticated environment.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation text is broad enough that the skill may trigger on general mentions of Xiaohongshu or summarization/downloading intent without sufficiently confirming the exact user request. Over-broad triggering is dangerous because it can cause the agent to initiate downloading workflows, shell commands, or cookie-backed access in contexts where the user did not clearly consent to those actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The workflow relies on browser-based authentication/cookies to access content, but the description does not present a prominent warning that local browser cookies may be accessed or exported for the download step. This is risky because browser cookie access touches sensitive authentication material and can surprise users who may not realize the skill uses their logged-in browser state.

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
| Option | Description | Default |
|---|---|---|
| `-o, --output` | Output directory | `~/Downloads` |
| `-q, --quality` | Video quality (`best`, `1080p`, `720p`, `480p`) | `best` |
| `--browser` | Browser for cookies (`chrome`, `firefox`, `safari`, `none`) | `chrome` |
| `-a, --audio-only` | Download audio only as MP3 | `false` |
| `--list-formats` | List available formats | `false` |
| `--full` | Full resource pack mode | `false` |
| `--summary` | AI summary mode (implies `--full`) | `false` |
Confidence
72% confidence
Finding
cookies (`chrome`, `firefox`, `safari`, `none`) | `chrome

VirusTotal

64/64 vendors flagged this skill as clean.
