xiaohongshu-cover-gen

Security checks across malware telemetry and agentic risk

Overview

This image-generation skill is coherent, but it asks users to store live Lovart login cookies and includes an unsafe download path that disables HTTPS verification.

Install only if you are comfortable giving the agent access to a Lovart session cookie that can act as your account. Use a dedicated Lovart account if possible, keep .lovart_cookies.json private and out of version control, and patch or avoid the download helper because it disables HTTPS certificate checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill text instructs use of shell-capable behaviors indirectly via Node.js/Python operations and browser automation workarounds, but it does not declare corresponding permissions. Undeclared execution capability reduces transparency and can enable unexpected local code execution or file/network access during a seemingly simple image-generation workflow.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
This skill’s documented behavior goes well beyond cover generation by handling cookies, decoding JWTs, inspecting authentication state, downloading remote content, and explicitly recommending TLS verification bypass via rejectUnauthorized: false. That combination creates real security risk: it exposes sensitive auth material and enables man-in-the-middle tampering of downloaded files.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The README instructs users to extract browser cookies from DevTools and store them locally for authentication. That creates a credential-handling workflow that can expose session tokens to theft, reuse, and account compromise, especially in an agent/automation context where files and logs may be broadly accessible.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Referencing an image download script that bypasses SSL/TLS weakens transport security and enables man-in-the-middle tampering or interception of downloaded content. Even if intended as a compatibility workaround, normalizing SSL bypass in a skill materially increases risk and exceeds what should be necessary for a content-generation workflow.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The document instructs operators to extract persistent Lovart authentication cookies, including a JWT, from a real browser session and inject them into an automated browser. That enables session reuse and impersonation of the account holder, and materially increases the risk of credential theft, unauthorized account access, and misuse beyond the stated XHS image-generation purpose.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The download workflow explicitly disables TLS certificate validation via NODE_TLS_REJECT_UNAUTHORIZED=0 and rejectUnauthorized: false. This makes HTTPS connections vulnerable to man-in-the-middle interception and content tampering, allowing attackers to substitute malicious or corrupted files while appearing to use a secure channel.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script explicitly disables TLS certificate validation both via NODE_TLS_REJECT_UNAUTHORIZED=0 and rejectUnauthorized: false, which allows man-in-the-middle interception and tampering of downloaded content. In this skill context, the script fetches remote images that may later be trusted as generated assets, so an attacker on the network or behind a hostile proxy could silently replace the image or deliver malicious payloads disguised as media.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README tells users to export and persist authentication cookies but does not include explicit warnings about the sensitivity of these credentials or the risk of account takeover. In practice, users may store the cookie file insecurely, share it, or accidentally commit it to source control.

Missing User Warnings

High
Confidence
97% confidence
Finding
The README references SSL bypass for image downloading without warning users that disabling certificate verification undermines integrity and confidentiality protections. This can lead users to adopt unsafe defaults and trust manipulated network responses.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions tell users to extract and store sensitive cookies and a JWT in a local JSON file without strong security guidance, despite these values being equivalent to active session credentials. In practice, this encourages insecure credential handling, leakage through files, backups, terminals, or logs, and unauthorized reuse of the user's account.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill normalizes disabling TLS verification as a workaround but does not clearly warn that this defeats core transport security guarantees. That omission makes misuse more likely and can lead operators to adopt an unsafe pattern broadly, exposing downloaded content and possibly credentials to interception or tampering.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Certificate validation is intentionally turned off without any strong user warning or compensating control, so users are pushed into an insecure default that accepts untrusted HTTPS endpoints as if they were legitimate. This materially increases the chance of tampered downloads, credential interception via redirected flows, or retrieval of attacker-controlled content.

VirusTotal

64/64 vendors flagged this skill as clean.
