Xiaohongshu Video Deep Summary (小红书视频深度总结)

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims: downloads a user-provided Xiaohongshu video, transcribes it locally, summarizes it, and cleans up temporary files.

Install only if you are comfortable with the skill downloading Xiaohongshu media and running local ffmpeg and Whisper processing. Use it from a dedicated working directory, avoid links you do not trust, and make sure the separate xiaohongshu-extract dependency is installed from a trusted source.

Publisher note

Xiaohongshu Video Deep Summary (小红书视频深度总结)

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
sys.exit(1)

    print("2/4 Downloading video...")
    subprocess.run(["curl", "-s", "-L", video_url, "-o", "xhs_temp.mp4"], check=True)

    print("3/4 Extracting audio...")
    subprocess.run(["ffmpeg", "-i", "xhs_temp.mp4", "-vn", "-acodec", "libmp3lame", "-q:a", "2", "xhs_temp.mp3", "-y", "-loglevel", "error"], check=True)
Confidence
93% confidence
Finding
subprocess.run(["curl", "-s", "-L", video_url, "-o", "xhs_temp.mp4"], check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
subprocess.run(["curl", "-s", "-L", video_url, "-o", "xhs_temp.mp4"], check=True)

    print("3/4 Extracting audio...")
    subprocess.run(["ffmpeg", "-i", "xhs_temp.mp4", "-vn", "-acodec", "libmp3lame", "-q:a", "2", "xhs_temp.mp3", "-y", "-loglevel", "error"], check=True)

    print("4/4 Transcribing audio with Whisper...")
    subprocess.run(["whisper", "xhs_temp.mp3", "--model", "base", "--language", "zh", "--output_dir", ".", "--output_format", "txt"], check=True)
Confidence
88% confidence
Finding
subprocess.run(["ffmpeg", "-i", "xhs_temp.mp4", "-vn", "-acodec", "libmp3lame", "-q:a", "2", "xhs_temp.mp3", "-y", "-loglevel", "error"], check=True)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
subprocess.run(["ffmpeg", "-i", "xhs_temp.mp4", "-vn", "-acodec", "libmp3lame", "-q:a", "2", "xhs_temp.mp3", "-y", "-loglevel", "error"], check=True)

    print("4/4 Transcribing audio with Whisper...")
    subprocess.run(["whisper", "xhs_temp.mp3", "--model", "base", "--language", "zh", "--output_dir", ".", "--output_format", "txt"], check=True)

    print("======================================")
    print("Done! Outputs generated:")
Confidence
86% confidence
Finding
subprocess.run(["whisper", "xhs_temp.mp3", "--model", "base", "--language", "zh", "--output_dir", ".", "--output_format", "txt"], check=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes shell commands and reads generated files, but it does not declare corresponding permissions or capabilities in a visible, enforceable way. This creates a transparency and policy-enforcement gap: reviewers or runtime controls may underestimate what the skill can do, increasing the chance of unsafe execution or abuse if the script behavior changes.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The trigger condition is broad enough that the skill may activate on many user requests involving Xiaohongshu links and summarization, without clear consent boundaries or disambiguation. Over-broad activation increases the risk of surprising shell execution, external fetching, and local file operations when the user may have intended a simpler or safer action.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill mandates deletion of files via shell commands after processing, but does not warn the user or show safeguards around path handling, working directory, or file ownership. Destructive cleanup is risky because execution in an unexpected directory or with filename collisions could remove unintended files, and users are not given a chance to preserve outputs they may need.

VirusTotal

VirusTotal findings are pending for this skill version.
