Xhs Surfer

Security checks across malware telemetry and agentic risk

Overview

This skill is openly intended for Xiaohongshu automation, but it can use a logged-in account to like, comment, follow, and read messages, with weak consent boundaries.

Review carefully before installing. Use a separate or low-risk Xiaohongshu account if possible, prefer QR login over cookie files, keep interaction limits low, avoid marketing_surf unless explicitly needed, and require manual approval before comments, follows, or reading private messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding:
The trigger condition is broad enough that ordinary requests about browsing or searching Xiaohongshu could automatically invoke a skill that performs real account actions such as liking, commenting, following, and message checking. In an agent setting, ambiguous activation increases the chance of unintended automation on a user's behalf, especially on a live social-media account.

Missing User Warnings

High
Confidence: 97%
Finding:
The description advertises automated likes, comments, follows, and message access without prominent warnings, consent language, or boundaries around use. This is dangerous because users or calling agents may invoke the skill without understanding that it can perform public social actions and access private communications, creating privacy, reputational, and platform-policy risks.

VirusTotal

63/63 vendors flagged this skill as clean.
