Security audit

Super Xiaohongshu Mcp Skill 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent, but it gives an agent live control over a Xiaohongshu account without enough safeguards around public actions and stored session cookies.

Install only if you intend to let an agent operate a real Xiaohongshu account. Protect cookies.json like a password, avoid shared or synced folders, verify the third-party binary source, and require explicit confirmation before publishing, commenting, liking, favoriting, deleting cookies, or running batch interactions.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium
Confidence: 95%
Finding
The description includes unexplained, nonsensical trigger-like text ('ulysses consistency programmingcomtitled...') that is unrelated to the skill’s function. In an agent skill, such opaque prompt-like fragments can act as hidden activation cues or adversarial prompt material, increasing the risk of unintended behavior and making the skill harder to review safely.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill advertises account-modifying actions such as publishing, liking, commenting, favoriting, and deleting cookies without clearly warning that these operations can alter a real user account and create platform-visible side effects. In an agent context, missing guardrails around state-changing actions can lead to accidental posting, engagement abuse, or account disruption.

Missing User Warnings

Medium
Confidence: 90%
Finding
The instructions state that authentication cookies are saved locally in `cookies.json` but do not warn that this file is equivalent to a live session credential. Anyone or any process with access to that file may be able to impersonate the Xiaohongshu account without re-entering credentials, especially since the skill is designed for automated account operations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide documents actions that can publish content and perform public engagement on a user's Xiaohongshu account, but it does not clearly warn that these are account-modifying operations with external, potentially irreversible effects. In an agent setting, this increases the risk of unintended posting, liking, favoriting, or commenting on a user's behalf, especially if the tool is invoked automatically or by a mis-scoped prompt.

Missing User Warnings

Low
Confidence: 88%
Finding
The documentation states that login state depends on local cookies and includes a cookie deletion/reset capability, but it does not warn users that authentication artifacts are sensitive local credential material. This can lead to unsafe handling of cookies, accidental credential exposure, or confusion about how authentication state changes affect account access.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.