Xiaohongshu Auto-Publishing Assistant (小红书自动发布助手)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Xiaohongshu drafting and publishing helper; its main risks are the expected ability to post from a logged-in account and the need to keep scheduled use approval-gated.

Install this only if you want an assistant to draft and potentially publish Xiaohongshu posts using a logged-in creator session. Review the title, body, tags, and cover before approving publication, keep cron jobs limited to draft-and-review unless you intentionally authorize each post, and save generated covers only to ordinary working directories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium, 87% confidence
Finding
The skill states 'Never auto-publish' and requires explicit user approval, but the cron section describes scheduled daily posting without preserving that approval gate. In practice, this can lead operators or downstream agents to publish content automatically on a schedule, causing unauthorized posting, reputational harm, or policy violations if drafts are sent live without fresh approval.

Missing User Warnings

Medium, 95% confidence
Finding
The guide instructs the agent to click the publish button and verify success without requiring an explicit final user confirmation immediately before the irreversible submission. In a browser-automation skill that can act on a logged-in creator account, this creates a real risk of unintended posting, especially if draft content is wrong, incomplete, or generated from mistaken context.

VirusTotal

62/62 vendors flagged this skill as clean.