XHS Layout

Security checks across malware telemetry and agentic risk

Overview

This skill is a small Xiaohongshu layout generator that sends user-provided JSON to a configured upstream service, with disclosure gaps but no evidence of hidden or destructive behavior.

Install only if you trust the configured upstream service and are comfortable sending the selected Xiaohongshu content to it. Treat TS_TOKEN as sensitive, keep it out of logs and source files, and avoid submitting secrets, personal data, or regulated content unless you have approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill declares environment and network capabilities via metadata and behavior, but does not explicitly declare permissions for them. This weakens policy enforcement and reviewer visibility, making it easier for a skill to access secrets or send data externally without clear authorization boundaries. In this context, the risk is increased because the skill processes user JSON and relies on external proxy URLs and a token-bearing environment.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The documentation states that the server converts user-supplied JSON and sends it upstream, but it does not clearly warn users that their prompt/content will be transmitted to an external service. This creates a data exposure and consent issue: users may include sensitive text, assuming local processing, when the content is actually forwarded off-platform. The skill context makes this more dangerous because it is designed for free-form user content generation, which commonly includes personal, proprietary, or account-related material.
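The overview's advice (treat TS_TOKEN as sensitive, keep it out of logs, do not hand the upstream secrets or personal data) and the missing-warning finding above both come down to what happens at the moment the skill hands user JSON to the upstream service. The Python below is an added example written for this page; it is not the skill's code and not SkillSpector output. It assumes a hypothetical bearer-token HTTP POST to an upstream taken from an assumed XHS_UPSTREAM_URL variable (placeholder default), and the secret and personal-data patterns are illustrative rather than complete. The request is built but never sent, so it runs offline.

```python
"""Added example, not the skill's own code: keep TS_TOKEN out of logs and
check user JSON before it is forwarded to the upstream service.

Assumptions (hypothetical): the upstream accepts an HTTP POST with a bearer
token; the token lives in TS_TOKEN and the URL in XHS_UPSTREAM_URL.
"""
import json
import logging
import os
import re
import urllib.request
from typing import Any, Optional

DEFAULT_UPSTREAM = "https://upstream.example/v1/layout"  # placeholder, assumed
REDACTED = "[REDACTED TS_TOKEN]"

# Key names and value shapes that should stop a payload before it leaves the
# machine. Illustrative patterns only; extend them for your own content.
SENSITIVE_KEYS = re.compile(r"(token|secret|password|passwd|api[_-]?key|authorization)", re.I)
SENSITIVE_VALUES = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "cn_mobile": re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Constructed sample content standing in for user-provided JSON.
CLEAN_SAMPLE = {"title": "Weekend cafe picks",
                "body": "Three quiet spots near the river",
                "tags": ["cafe", "weekend"]}
RISKY_SAMPLE = {"title": "Weekend cafe picks",
                "contact": "me@example.com",
                "notes": {"api_key": "not-a-real-key"}}


def redact(text: str, token: Optional[str]) -> str:
    """Return text with every occurrence of the token masked."""
    return text.replace(token, REDACTED) if token else text


class TokenRedactor(logging.Filter):
    """Handler-level filter: masks the token in every record before any
    handler formats it, so an accidental logger.info(headers) stays safe."""

    def __init__(self, token: Optional[str]) -> None:
        super().__init__()
        self.token = token

    def filter(self, record: logging.LogRecord) -> bool:
        if self.token:
            record.msg = redact(record.getMessage(), self.token)
            record.args = ()
        return True


def find_sensitive_fields(payload: Any, path: str = "$") -> list:
    """Walk a JSON-like structure and report the paths whose key name or
    string value looks like a secret or personal data."""
    hits = []
    if isinstance(payload, dict):
        for key, value in payload.items():
            child = f"{path}.{key}"
            if SENSITIVE_KEYS.search(str(key)):
                hits.append(f"{child} (key name)")
            hits.extend(find_sensitive_fields(value, child))
    elif isinstance(payload, list):
        for i, item in enumerate(payload):
            hits.extend(find_sensitive_fields(item, f"{path}[{i}]"))
    elif isinstance(payload, str):
        for label, pattern in SENSITIVE_VALUES.items():
            if pattern.search(payload):
                hits.append(f"{path} ({label})")
    return hits


def build_request(payload: dict, token: str, upstream: str) -> urllib.request.Request:
    """Build (but do not send) the upstream request. The token travels only in
    the Authorization header, never in the body or the URL."""
    body = json.dumps(payload).encode("utf-8")
    return urllib.request.Request(
        upstream, data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})


def preflight(payload: dict, token: Optional[str], upstream: str) -> dict:
    """Summarise what would leave the machine and where (the warning the
    finding above asks for), and refuse when the token is missing or the
    payload carries obvious secrets or personal data."""
    problems = find_sensitive_fields(payload)
    return {"destination": upstream,
            "bytes": len(json.dumps(payload).encode("utf-8")),
            "token_present": bool(token),
            "sensitive_fields": problems,
            "ok_to_send": bool(token) and not problems}


if __name__ == "__main__":
    token = os.environ.get("TS_TOKEN")
    upstream = os.environ.get("XHS_UPSTREAM_URL", DEFAULT_UPSTREAM)
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    for handler in logging.getLogger().handlers:
        handler.addFilter(TokenRedactor(token))
    for payload in (CLEAN_SAMPLE, RISKY_SAMPLE):
        report = preflight(payload, token, upstream)
        if report["ok_to_send"]:
            req = build_request(payload, token, upstream)  # built, never sent
            logging.info("would POST %d bytes to %s, headers=%s",
                         len(req.data), req.full_url, req.headers)
        else:
            logging.warning("refusing to send: %s", json.dumps(report))
```

The filter is attached to the handlers rather than to a logger, because a logger-level filter only sees records logged directly on that logger, not those propagated from child loggers. The preflight report is also the natural place to surface the destination to the user before anything is transmitted.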

VirusTotal

65/65 vendors reported this skill as clean.
