Back to skill

Security audit

小红书笔记批量下载

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Xiaohongshu bulk-downloader that uses a user-enabled logged-in Chrome debugging session and saves selected account content locally.

Install only if you intend to let a local script control a logged-in Xiaohongshu Chrome tab and save note text/images to disk. Prefer a separate Chrome profile, keep remote debugging bound to localhost and enabled only while using the skill, close Chrome afterward, choose a dedicated output folder, and download only content you are authorized to keep.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill automates a logged-in Chrome session via the DevTools Protocol, navigates the user's browser, enumerates content from another account, and writes scraped text/images to local disk, but it does not present an explicit security warning or require informed consent for these sensitive actions. This is dangerous because CDP access effectively inherits the user's authenticated browser context and can access or act on session-scoped data beyond what a normal unauthenticated script could do.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.