ClawHub

xhs Agent

Security checks across malware telemetry and agentic risk

Overview

This Xiaohongshu assistant is instruction-only and purpose-aligned, but it can act through a logged-in social account and only clearly requires confirmation for publishing, not for replies or other account interactions.

Review before installing if you use a real Xiaohongshu creator account. Require explicit approval before every public or private account action, including replies, messages, likes, favorites, draft saves, and publishing; only configure optional image-generation API keys when you intend to use those providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal