ClawHub

Yq Xiaohongshu Collector

Security checks across malware telemetry and agentic risk

Overview

This skill is not malware, but it is a bulk Xiaohongshu scraping workflow that pushes agents to copy complete posts, images, usernames, and comments with little privacy scoping.

Install only if you have a lawful, policy-compliant reason to collect Xiaohongshu content. Use narrow search scopes, avoid private or sensitive topics, redact usernames and personal details where possible, and prefer summaries or short excerpts over full copied posts and comment threads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill is explicitly designed to collect and preserve large amounts of third-party Xiaohongshu content, but it provides no privacy notice, minimization guidance, or warning that collected posts/comments may contain personal data. In this context, the omission is risky because the workflow encourages systematic copying and redistribution of user-generated content at scale.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The OCR instruction tells the agent to extract text from images without warning that screenshots and photos may contain sensitive information such as names, contact details, IDs, addresses, or private conversations. Because the skill also emphasizes verbatim retention, OCR materially increases the chance of exposing sensitive data that users may not realize is embedded in images.

Ssd 3

Medium
Confidence
96% confidence
Finding
These instructions prioritize verbatim preservation of posts, image text, comments, nicknames, and timestamps, creating a direct natural-language data leakage pathway. In a social-platform scraping context, this is especially dangerous because it facilitates bulk extraction and republication of personally linked user-generated content beyond the original platform context.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill directs the agent to load all comments and record as much detail as possible, which encourages overcollection of third-party user content. This materially raises privacy and disclosure risk because comment threads often contain personal opinions, identifiers, relationships, and incidental sensitive details not necessary for most research tasks.

Ssd 3

Medium
Confidence
96% confidence
Finding
The deep-collection workflow mandates full extraction of note text, all images, and all comments into a structured report, turning the agent into a bulk replication tool for third-party content. The skill context makes this more dangerous because it is not incidental browsing; it is systematic harvesting and packaging of raw social-media content for downstream reuse or redistribution.

Ssd 3

High
Confidence
98% confidence
Finding
The templates explicitly require inclusion of full post bodies, image text, comment text, usernames, replies, and links, which operationalizes large-scale disclosure of identifiable user-generated data. This is dangerous because it standardizes and normalizes reproduction of raw platform content in a shareable report, increasing privacy, copyright, and misuse risk.

Ssd 3

High
Confidence
98% confidence
Finding
The final report template aggregates complete raw content and quoted comments into a single structured artifact, making mass disclosure easy and portable. Consolidation at this scale heightens harm because it strips content from its original context and audience controls, enabling downstream redistribution, profiling, or republishing of third-party data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal