ClawHub

xhs-stable-comic

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only Xiaohongshu content-planning skill whose sensitive behavior is disclosed and mostly bounded by authenticity, health-claim, and anti-fabrication rules.

Before installing, treat this as a public-content workflow, not a fitness professional or compliance authority. Review platform AIGC disclosure rules before posting, avoid sharing unnecessary photos or body/health details, and manually check any fitness, nutrition, or health-adjacent claims for accuracy and safety.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guidance explicitly tells the agent to make output 'less AI-like' by producing an '人工改写版正文' and prioritizing真人素材, but it does not pair this with disclosure, authenticity, or platform-policy safeguards. In a social-content operations skill, that can enable deceptive presentation of AI-generated material as organic human-authored content, increasing moderation, trust, and misrepresentation risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
When users report content was flagged as AI-generated, the playbook instructs reducing 'AI traces' such as template style and batch-like patterns, but does not warn against moderation evasion or policy violations. Because this skill is specifically for scaling Xiaohongshu content operations, the omission makes the behavior more dangerous by operationalizing a repeatable process for disguising AI-generated content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal