Xiaohongshu Smart Reply Assistant (小红书智能回复助手)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Xiaohongshu reply assistant, but its account-connected mode asks users to supply session credentials and to use missing scripts that cannot be reviewed.

Offline use for drafting reply suggestions is reasonable. Before using API monitoring, review the actual implementation and understand what data it stores, sends, and can access. Until you have done so, do not provide web_session cookies or xsec_token values, and do not run install.sh or referenced scripts from another source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding: The skill explicitly supports API integration and suggests supplying a web session cookie, but it does not clearly disclose the sensitivity of that credential or warn that account/session data may be sent to external components such as a third-party API integration or MCP server. In this context, users may unknowingly expose authenticated session material, enabling account misuse, unauthorized access, or leakage of private platform data if the integration is untrusted or insecure.

Vague Triggers

Medium
Confidence: 94%
Finding: The trigger list includes broad English phrases such as "xiaohongshu reply" and especially "rednote comments," which may match user requests that are not specifically asking to invoke this skill. Overly broad triggers can cause unintended skill activation, exposing user comment data or causing the agent to use this skill in inappropriate contexts, particularly because the skill supports API-backed monitoring and batch processing.

VirusTotal

65/65 vendors flagged this skill as clean.
