xhs-content

Security checks across malware telemetry and agentic risk

Overview

This is a focused Xiaohongshu writing helper with no evidence of credential access, command execution, persistence, or hidden data handling.

Safe to install as a writing assistant. Review generated posts before publishing, especially claims about income, side hustles, career outcomes, or AI-tool results, and explicitly request another language if you do not want Chinese Xiaohongshu-style output.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 92% confidence
Finding: The prompt hard-codes Chinese-language output and a Xiaohongshu-specific persona without offering any language choice or user opt-in. This can override user expectations or upstream system behavior, causing undesired output language and reducing reliability in multilingual environments, though it does not directly enable code execution or data exfiltration.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal