Xiaohongshu MCP Patch Pack (小红书MCP补丁包)

Security checks across malware telemetry and agentic risk

Overview

This is a plausible troubleshooting skill, but its repair commands handle login cookies, kill local processes, and start an unverified background service with too little user control.

Review every command before running it. Do not run the one-click script unless you have confirmed what process is using port 18060 and verified the Xiaohongshu MCP binary and its source. Treat cookies.json as a login credential: avoid copying it into /tmp, restrict file permissions, and remove extra copies after troubleshooting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The script forcibly terminates whatever process is bound to port 18060 using kill -9, without validating ownership, process identity, or prompting the user. This can disrupt unrelated local services and can be abused in operational contexts to kill legitimate processes unexpectedly.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The script copies a sensitive cookies.json file into multiple locations including /tmp, which is commonly accessible, ephemeral, and often less protected. Duplicating authentication material across broad locations increases the chance of credential theft, accidental disclosure, or reuse by other local processes.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The script restarts a local service and issues an HTTP initialization request without warning the user about the operational side effects. This can unexpectedly launch software, alter runtime state, and interact with a service endpoint the user did not intend to contact at that moment.

VirusTotal

65/65 vendors flagged this skill as clean.