小红书全栈采集专家

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Xiaohongshu collection skill, but it gives broad scraping, full-content harvesting, cloud export, and scheduled tracking instructions that need careful review before installation.

Install only if you are authorized to collect this Xiaohongshu data and can comply with platform terms, privacy rules, and copyright obligations. Set strict per-run limits, avoid collecting full comments or personal profile details unless necessary, review Feishu destinations and credentials before export, and disable or expire scheduled jobs when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (10)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README explicitly promotes exporting collected results to Feishu, an external third-party service, but does not clearly warn users that scraped or analyzed data will be transmitted outside the local environment. In a data-collection skill, this omission matters because users may unknowingly send personal, sensitive, or platform-derived data to Feishu, creating privacy, compliance, and data-handling risk.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly supports exporting collected Xiaohongshu data to Feishu Bitable, but it does not warn users that scraped content, profiles, and derived analytics may be transmitted to a third-party platform for storage. This creates a real data-handling and privacy risk because users may trigger external disclosure of collected data without clear consent, scope limits, or sensitivity checks.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill advertises recurring scheduled tracking of keywords and creator profiles, but it does not warn users about the ongoing nature of automated collection, repeated storage, and accumulation of profile/activity data over time. In this context, long-term monitoring increases privacy, compliance, and misuse risks because the skill is designed for exhaustive collection and persistence rather than one-off analysis.

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The skill exposes broad, natural-language trigger phrases such as generic requests to collect, analyze, save, or schedule Xiaohongshu tasks. Because these phrases overlap with ordinary user conversation, the skill may activate unexpectedly and initiate scraping, storage, or outbound actions without sufficiently explicit user intent.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: Examples like '穷尽式采集' and '全面采集' encourage open-ended, exhaustive harvesting without concrete scope limits. In this skill's context, that ambiguity is especially dangerous because the rest of the document already instructs broad collection, full-note viewing, and all-comment capture, which can lead to overcollection and platform-abuse behavior.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill supports writing scraped content to local documents and Feishu Bitable, but it does not require prominent disclosure or consent before storing or externally transmitting collected data. Since the collected material includes near-complete note text, comments, profile metadata, and links, silent export meaningfully increases privacy, compliance, and data-leakage risk.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The scheduled-task feature enables repeated collection and notification delivery to group chat or email, yet the skill lacks clear warnings about persistent execution, cumulative data collection, and recurring external distribution. This creates an elevated risk of unnoticed ongoing scraping and repeated exfiltration of harvested content or analytics.

Ssd 4

Medium

Confidence: 96% confidence
Finding: The 'risk confirmation' workflow does not mitigate abuse; instead, it operationalizes how to continue large-scale scraping when activity approaches or exceeds platform limits. By framing anti-risk steps as a normal checklist for proceeding, the skill materially facilitates evasion of platform controls and makes unauthorized collection easier to scale.

Ssd 4

High

Confidence: 98% confidence
Finding: This section combines exhaustive search, full-content browsing, complete image/comment harvesting, and anti-detection pacing into a single operating model. That combination goes beyond benign browsing guidance and directly increases the capability to mass collect data while reducing the chance of detection, making the skill substantially more dangerous in context.

Ssd 3

High

Confidence: 97% confidence
Finding: The skill explicitly prioritizes preserving original text at very high fidelity and collecting all comments, then outputting them in structured reports. In a scraping context, this creates a direct natural-language data leakage path for third-party content and user-generated comments, potentially exposing personal data, copyrighted text, and sensitive profile information at scale.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal