Skill Xhs Mcp

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear XHS automation purpose, but it can control a real social account and publish or interact publicly through an unpinned external service with limited safety boundaries.

Install only if you trust and review the external xhs-mcp-service repository and its npm dependencies. Use a low-risk XHS account, keep the service reachable only by trusted local clients, require manual approval before likes, comments, replies, or posts, and understand that deleting cookies removes the stored login session.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium (91% confidence)
Finding
The skill documents a destructive action that deletes login state/cookies without any warning about user impact, confirmation requirements, or recovery implications. In an automation context, this can unexpectedly log users out, disrupt sessions, and cause account-management issues if invoked by an agent without clear user consent.

Missing User Warnings

Medium (90% confidence)
Finding
The skill advertises content-publishing capabilities without warning that these actions create public or account-affecting posts on the user's behalf. Because this is a social-media automation skill connected to a live localhost MCP service, an agent could trigger posting actions that cause unintended publication, reputational harm, or policy violations.

VirusTotal

65/65 vendors flagged this skill as clean.
