ClawHub

xhs-note-health

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the advertised note health check, but it relies on exported Xiaohongshu session cookies without enough safety warnings or scoping.

Review before installing. Use this only if you are comfortable giving the skill access to a logged-in Xiaohongshu creator session. Export only creator.xiaohongshu.com cookies, keep the cookie file private, do not commit or share it, and treat JSON or Markdown reports as sensitive account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises and instructs use of file reads, file writes, and network access, but declares no permissions or trust boundaries. That makes the capability set opaque to the agent/user and increases the chance of silent access to local cookie files and remote account data without informed consent or policy enforcement.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README instructs users to export live creator-site cookies, which are effectively authentication secrets, but does not warn that these cookies can grant account access and may expose private creator data if mishandled. In the context of an agent skill that automates backend API access, this is a real security issue because users may normalize insecure storage, sharing, or reuse of high-value session credentials.

Vague Triggers

Low
Confidence
75% confidence
Finding
The trigger phrases are broad enough that an agent may invoke the skill whenever a user mentions account health or note status, without clear confirmation that the user intends API-backed access using stored cookies. In this skill's context, that increases the chance of unexpected execution against a sensitive authenticated account context, especially because the skill operates on all notes rather than a narrowly scoped subset.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill requires creator-backend authentication cookies but does not clearly warn that these cookies are sensitive account credentials equivalent to a logged-in session. Supplying them to a script creates risk of account takeover, unauthorized API use, and leakage through logs, files, or unintended transmission if the script or environment is compromised.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill directs the agent to run a script that queries the creator-backend API, but it does not clearly disclose that authenticated account note data will be accessed over the network. In this context, the omission is security-relevant because the skill processes private creator data and uses session cookies, so users/agents may trigger data access without adequate awareness or approval.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal