Back to skill

Security audit

采用强大模型,一键生成小红书图文,助力品牌曝光和转化。适用于用户希望“生成小红书笔记/小红书文案/笔记”时,通过API自动生成结果而非手动撰写。

Security checks across malware telemetry and agentic risk

Overview

This skill openly uses a third-party XiaoNian API to generate Xiaohongshu notes and does not show hidden, destructive, credential-seeking, or persistent behavior.

Install only if you are comfortable sending the note topic, brand details, and any prompt text to xiaonian.cc for generation. Avoid including confidential business information, personal data, credentials, or regulated content unless that third-party processing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill performs external network calls to a third-party API but does not declare any corresponding permission or capability boundary. This weakens reviewability and informed consent, because users and platform operators cannot easily see that user prompts will leave the local agent environment and be transmitted off-platform.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description instructs the agent to send user-provided task descriptions to an external API but does not warn the user that their content will be shared with a third party. This creates a privacy and data-handling risk, especially if users include personal data, confidential business information, or regulated content in the note-generation request.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.