
Security audit

小红书 (Xiaohongshu)

Security checks across malware telemetry and agentic risk

Overview

This skill is a locally running Xiaohongshu client whose behaviour is disclosed and whose publishing path is guarded; the main risk lies in the separate third-party MCP service and the account session the user chooses to run alongside it.

Install only if you are comfortable trusting, and pinning, the xiaohongshu-mcp component as a separate dependency. Use a dedicated Xiaohongshu account, keep the MCP service bound to localhost, review each publish preview before approving it, and, when finished, stop the service and revoke the login device from the account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%

Finding: The skill exposes environment- and network-backed capabilities but declares no permissions, which weakens transparency and policy enforcement for users and orchestrators. Here the skill reaches a local HTTP service and relies on environment variables as safety gates, so the missing declarations can lead to unintended invocation or execution in environments that would otherwise restrict it. An environment-variable gate is only as strong as the process environment the orchestrator supplies: if the variable is never set, nothing is gated.
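What a declaration buys an orchestrator, as an added illustration rather than the skill's own manifest or SkillSpector's code: a constructed capability manifest naming the local endpoint and the gate variable, and the three checks an orchestrator can run against it before invoking the skill. The manifest schema, the port 18060 and the variable name XHS_ALLOW_PUBLISH are assumptions chosen for the example.

```python
"""Capability manifest enforcement for a local-client skill.

Added illustration, not the skill's own format and not SkillSpector code.
The manifest schema, the port 18060 and the variable XHS_ALLOW_PUBLISH are
assumptions chosen for the example.
"""
from urllib.parse import urlsplit

# Constructed manifest: the declaration the finding says is missing. An
# orchestrator can only enforce what the skill declares.
MANIFEST = {
    "network": ["http://127.0.0.1:18060"],  # assumed local MCP endpoint
    "env": ["XHS_ALLOW_PUBLISH"],           # assumed publish safety gate
}

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def _origin(url):
    """(scheme, host, port) triple used to compare a request with a declaration."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)


def network_allowed(url, manifest=MANIFEST):
    """True only if the request's origin exactly matches a declared origin.
    A different local port or an external host is refused, so an undeclared
    upload to the internet cannot happen silently."""
    return _origin(url) in {_origin(a) for a in manifest["network"]}


def manifest_is_local(manifest=MANIFEST):
    """True if every declared network target is a loopback address. This is
    the review check behind 'keep the MCP service bound to localhost': a
    declaration of 0.0.0.0 or a LAN address should fail review."""
    return all(urlsplit(a).hostname in LOOPBACK for a in manifest["network"])


def missing_gates(environ, manifest=MANIFEST):
    """Declared safety-gate variables absent from the environment. An unset
    gate blocks nothing, so a non-empty result means the orchestrator should
    refuse to start the skill rather than guess."""
    return [name for name in manifest["env"] if name not in environ]


def preflight(environ, manifest=MANIFEST):
    """Combined go/no-go decision an orchestrator would take before invocation."""
    return manifest_is_local(manifest) and not missing_gates(environ, manifest)


if __name__ == "__main__":
    import os
    print("local-only:", manifest_is_local())
    print("missing gates:", missing_gates(os.environ))
    print("allow publish call:", network_allowed("http://127.0.0.1:18060/publish"))
    print("allow external:", network_allowed("https://example.com/upload"))
```

The point of the exact-origin match is that a skill which only ever needs 127.0.0.1:18060 gets nothing else; without a declaration the orchestrator has no basis for refusing a request to any other host, which is the transparency gap the finding describes.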

Vague Triggers

Severity: Medium
Confidence: 87%

Finding: The trigger condition is broad enough that an ordinary mention of Xiaohongshu/RedNote could auto-select a skill capable of networked actions and content publishing. Even with the documented guardrails, unintended invocation raises the chance of unnecessary data access, confusion, or drift toward a publish workflow when the user only wanted discussion or analysis.
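The difference between a platform-mention trigger and one that also requires an action the skill can perform, as an added illustration of the finding (not the skill's actual trigger text; the regexes and sample messages are constructed for the example):

```python
"""Broad vs. scoped skill trigger.

Added illustration of the finding above; not the skill's actual trigger
text. The regexes and the sample messages are constructed for the example.
"""
import re

# Broad trigger: any mention of the platform selects the skill.
PLATFORM = re.compile(r"xiaohongshu|rednote|小红书", re.IGNORECASE)

# Scoped trigger: platform mention plus a verb naming an action this skill
# can actually perform (network call or publish). Discussion about the
# platform no longer routes to a skill that can post on the user's behalf.
ACTION = re.compile(r"\b(publish|post|upload|search|log ?in)\b", re.IGNORECASE)


def broad_trigger(message):
    return PLATFORM.search(message) is not None


def scoped_trigger(message):
    return PLATFORM.search(message) is not None and ACTION.search(message) is not None


# Constructed sample messages: three mention the platform, one asks for an action.
SAMPLES = [
    "Why is RedNote so popular with Gen Z?",
    "Summarise the debate about Xiaohongshu and data localisation.",
    "Log in and post this draft to my 小红书 account.",
    "Write a caption in the style of a travel blogger.",
]


def compare(samples=SAMPLES):
    """Per-message (message, broad, scoped) decisions."""
    return [(m, broad_trigger(m), scoped_trigger(m)) for m in samples]


def false_positives(samples=SAMPLES):
    """Messages the broad trigger routes to the skill but the scoped one does not."""
    return [m for m in samples if broad_trigger(m) and not scoped_trigger(m)]


if __name__ == "__main__":
    for m, b, s in compare():
        print(f"broad={b!s:5} scoped={s!s:5} {m}")
```

Keyword intent matching is a routing filter, not a security control: it reduces how often the skill is selected by accident, while the publish preview and approval step described in the Overview remains the actual gate on posting.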

VirusTotal

65/65 VirusTotal vendors reported this skill as clean.


Static analysis

No suspicious patterns detected.