Security audit

Xiaohongshu Proxy Manager

Security checks across malware telemetry and agentic risk

Overview

This is a real proxy manager, but it is explicitly built for multi-account Xiaohongshu ban/detection avoidance and handles proxy credentials unsafely.

Install only if you understand the legal, platform-policy, and credential risks. Do not use it to evade service rules or bans, and avoid storing real proxy passwords in this JSON config unless file access, backups, logs, and terminal output are tightly controlled.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (7)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The documentation shows proxy credentials stored in a local JSON file with plaintext username and password fields but does not prominently warn users about that sensitive storage model. This increases the risk of credential disclosure through backups, local compromise, shared environments, or accidental publication.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The tool persists proxy usernames and passwords in plaintext JSON under the user's home directory without any warning, masking, encryption, or permission hardening. This creates a real secret exposure risk because local users, backups, logs, or other tools that read the workspace can recover reusable proxy credentials.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: Proxy testing sends outbound traffic to an external URL through the configured proxy, which can disclose the user's activity pattern and transmit proxy authentication material to third parties without explicit notice. In this skill's context, the feature is central to operation, but the lack of consent and disclosure still creates a genuine privacy and credential-handling risk.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The account lookup path prints full proxy URLs with embedded usernames and passwords directly to stdout. Secrets shown on screen can be captured by shell history, terminal logging, CI logs, screenshots, or other users on shared systems, making credential compromise likely.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The random proxy retrieval feature exposes complete authenticated proxy URLs on stdout, creating the same credential leakage issue as the account-specific export path. Because this is designed for quick repeated use, it increases the chance that secrets are copied into logs, terminals, or automation artifacts.

Natural-Language Policy Violations

High

Confidence: 96% confidence
Finding: The skill explicitly advertises using per-account IP isolation to avoid bans and to simulate real users, which is behavior aimed at evading platform detection and enforcement. In the context of a multi-account proxy manager for Xiaohongshu, this materially raises the risk that the tool is used for deceptive account farming, abuse, or policy circumvention rather than ordinary privacy protection.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The skill documents plaintext proxy credentials in the config example and instructs users to inspect the config file directly during troubleshooting. Exposing or encouraging direct display of secrets increases the chance credentials are leaked to terminal history, logs, screenshots, or other users on the system.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.