Xiaohongshu Search Radar

Security checks across malware telemetry and agentic risk

Overview

This is a Xiaohongshu search/detail command-line skill that uses a disclosed third-party API token and saves local result logs, with documentation issues but no hidden or destructive behavior found.

Install only if you are comfortable sending Xiaohongshu search terms, note URLs, and your GUAIKEI_API_TOKEN to the GuaiKei API service. Treat the token as a credential, and delete or protect the skill's local logs if the queries or returned content are sensitive. Note that some marketing claims are broader than the implemented search/detail commands, and one documentation line incorrectly says Douyin instead of Xiaohongshu.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding:
The documentation overstates capabilities and understates prerequisites, claiming 'no login required' while requiring a private API token obtained out-of-band. This can mislead users into supplying a sensitive credential to a third-party service under false assumptions, and it obscures what data is actually fetched and stored.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The CLI writes the full detail lookup output, including note data derived from a user-supplied Xiaohongshu URL, to a local JSON file without an explicit opt-in. This creates an additional persistence channel beyond immediate console output, which can unintentionally retain scraped content, metadata, or sensitive business research data on disk where other local users, backups, or downstream tooling may access it.

Missing User Warnings

Severity: Low
Confidence: 81%
Finding:
The CLI sends the user-provided note URL to an external API service to create and retrieve a detail task, but the execution path does not prominently warn at run time that the URL will leave the local environment. In a marketing-intelligence context, queried URLs can reveal research targets, customer interests, or campaign intent, so silent transmission can create a privacy and operational-security concern even if the feature is expected.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The CLI writes the full search output, including the queried keyword and returned results, to a local JSON file automatically without obtaining consent or clearly warning the user. This creates a privacy and data-handling risk because potentially sensitive research terms, marketing investigations, or collected third-party content may be stored on disk where other local users, backup systems, or logs can access it.

VirusTotal

VirusTotal findings are pending for this skill version.
