Xiaohongshu Data Insight Master - Viral Post Mining and Competitor Analysis Expert (小红书数据洞察大师 - 爆款挖掘与竞品分析专家)

Security checks across malware telemetry and agentic risk

Overview

This skill is a consistent, working Xiaohongshu data lookup tool, but users should understand that every search is sent to a third-party API and that the returned public content is saved to local disk.

Install only if you trust the publisher and the Guaikei API service with your Xiaohongshu search terms, note URLs, and the public-content data they return. Use a dedicated, revocable API token, keep research terms that must not leave your environment out of this tool, and periodically delete the generated log files if local retention is not wanted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill requires the sensitive environment variable GUAIKEI_API_TOKEN, but the provided metadata does not declare a corresponding permission even though the skill exposes command-execution capabilities. Undeclared secret access weakens platform-level consent and review controls, making it easier for a skill to read secrets without the user being clearly aware of it.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The documentation claims that all output is desensitized and contains no personal information, yet the stated output includes original note links and comment-analysis data with no concrete masking rules. This mismatch can lead downstream users to handle personal or user-generated content under false privacy assumptions, increasing the risk of unintended disclosure or noncompliant processing.

Intent-Code Divergence

Low
Confidence
71% confidence
Finding
The skill states that it only accesses publicly visible content, yet the detail workflow requires a full Xiaohongshu URL containing an xsec_token, or a short link that likely resolves to one carrying such access parameters. The inconsistency is not proof of abuse by itself, but it is a trust and compliance concern because it obscures how access-control or anti-scraping tokens are being used.

Description-Behavior Mismatch

Low
Confidence
92% confidence
Finding
The CLI persists the full search output to a local JSON log file without clearly disclosing that behavior to the user. Even if the data is not highly sensitive by default, search keywords, timestamps, and retrieved content can reveal user interests, research activity, or business-analysis targets, creating an avoidable privacy and data-retention risk on shared or managed systems.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The CLI persists fetched note details to a local JSON file by default after printing results, but the help text and runtime messaging do not clearly warn users that potentially sensitive scraped data will be stored on disk. In a data-insight/scraping context, silent persistence increases the risk of unintended retention, disclosure to other local users/processes, and accumulation of regulated or proprietary content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Search results are written to disk without an explicit warning in the CLI help or inline consent flow, which can surprise users who expect a transient retrieval tool. In this skill's context, the stored results may include competitive intelligence queries, trend research, or operational interests, so undisclosed persistence increases privacy, confidentiality, and compliance risk if the host is multi-user or monitored.
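The three findings above on silent persistence, and the earlier one on xsec_token in note URLs, come down to the same small piece of code: how results are written to disk. The following is an added example, written for this page and not taken from the skill or from Guaikei, of a persistence layer that makes saving opt-in, strips xsec_token values and the API token from everything that is written, and creates the file with owner-only permissions. The `--save` flag, the `persist_results` and `redact_url` names, and the sample search record are all assumptions; nothing here calls the real Guaikei API.

```python
import json
import os
import stat
import tempfile
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters that carry access-control tokens. The finding above names
# only xsec_token; add others if the URLs you handle carry them (assumption).
SENSITIVE_QUERY_KEYS = {"xsec_token"}


def redact_url(url: str) -> str:
    """Return url with sensitive query-parameter values replaced by REDACTED."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if not any(k in SENSITIVE_QUERY_KEYS for k, _ in pairs):
        return url
    scrubbed = [(k, "REDACTED" if k in SENSITIVE_QUERY_KEYS else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(scrubbed)))


def scrub(obj, secrets):
    """Recursively redact secret strings and tokenised URLs in JSON-like data."""
    if isinstance(obj, dict):
        return {k: scrub(v, secrets) for k, v in obj.items()}
    if isinstance(obj, list):
        return [scrub(v, secrets) for v in obj]
    if isinstance(obj, str):
        out = obj
        for secret in secrets:
            if secret:  # never replace the empty string
                out = out.replace(secret, "REDACTED")
        if out.startswith(("http://", "https://")):
            out = redact_url(out)
        return out
    return obj


def persist_results(records, path, *, save: bool, secrets=()):
    """Write scrubbed records to path only when the user opted in (--save).

    Returns the path written, or None when nothing was persisted. The file is
    created with mode 0600 so other local users cannot read it, and the user
    is told where the data went.
    """
    if not save:
        return None
    data = json.dumps(scrub(records, list(secrets)), ensure_ascii=False, indent=2)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(data)
    os.chmod(path, 0o600)  # tighten a pre-existing file with a wider mode
    print(f"warning: results saved to {path} (mode 0600); delete when no longer needed")
    return path


def demo():
    """Constructed sample run; the record and token are not real API output."""
    api_token = "tok_EXAMPLE_SECRET"  # stand-in for GUAIKEI_API_TOKEN (constructed)
    records = {
        "keyword": "competitor launch Q3",
        "notes": [{
            "title": "Note A",
            "url": "https://www.xiaohongshu.com/explore/abc123?xsec_token=ABCDEF&xsec_source=pc",
            "debug": f"Bearer {api_token}",  # a leaked header that must not hit disk
        }],
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "search_log.json")
        skipped = persist_results(records, path, save=False, secrets=[api_token])
        written = persist_results(records, path, save=True, secrets=[api_token])
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8") as fh:
            saved = json.load(fh)
    return {"skipped": skipped, "written": written == path, "mode": mode, "saved": saved}


if __name__ == "__main__":
    print(json.dumps(demo(), ensure_ascii=False, indent=2))
```

Redaction runs before serialisation rather than on the finished JSON text so that a token split across fields, or embedded in a URL, is still caught; the `0600` mode and the explicit chmod cover both the fresh-file and the pre-existing-file case.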

VirusTotal

0 of 65 vendors flagged this skill as malicious; all 65 reported it clean.
