XHS Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to manage and publish to a Xiaohongshu account, but it needs review because it may post publicly without a clear final user confirmation step.

Install only if you are comfortable giving the skill access to operate a logged-in Xiaohongshu account. Before using it, require the agent to show the exact title, body, media, target account, and visibility, then ask for explicit approval immediately before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill is scoped as a publisher, but it also documents navigating to user profile pages to extract follower counts and note counts. That expands the capability from publishing into profile scraping, which is unrelated to the stated purpose and can enable collection of third-party data without clear user need or consent.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The description says the skill can be used to 'manage their Xiaohongshu account,' which is broader than publishing and can trigger the skill for generic account-management requests. In an automated agent setting, overly broad routing can cause the agent to take sensitive account actions outside the user's intended scope.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The workflow proceeds directly to clicking the final publish button without an explicit confirmation or final user review step. Because publishing is an irreversible outward-facing action, an agent could post incorrect, unauthorized, or policy-violating content on the user's behalf with immediate reputational and account-safety consequences.

VirusTotal

66/66 vendors flagged this skill as clean.