ClawHub

Xiaohongshu Demand Discovery

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill mostly matches its Xiaohongshu research purpose, but it also includes live account actions and persistent session cookies that deserve manual review before install.

Install only if you trust this publisher with your Xiaohongshu session and are comfortable with a skill that can both collect public content and perform live account actions. Prefer using only demand-discovery/search/feed commands, avoid comment/interact/publish commands unless you explicitly intend them, protect or delete ~/.xiaohongshu/cookies.json when done, and pin/update dependencies before serious use.

SkillSpector (10)

By NVIDIA

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The module advertises a safety model with a manual confirmation checkpoint, but both publish_image() and publish_video() accept auto_publish=True and will click the publish button automatically. In an automation skill that posts to a live social-media account using existing cookies, this mismatch can cause unintended or unauthorized publication, especially if upstream agents trust the documented safety guarantee.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The client persists all browser cookies, which can include active authentication/session tokens, to a predictable file on disk under the user's home directory. If the host is multi-user, compromised, or the file permissions are too broad, an attacker who reads this file may be able to hijack the user's Xiaohongshu session without needing credentials.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code directly performs comment and reply posting actions on a live platform once the function is invoked, with no interactive confirmation, dry-run mode, or explicit user acknowledgment before submission. In an agent/skill context, this enables unintended or opaque account actions, making accidental spam, unauthorized posting, or misuse of the authenticated session more likely.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The collector persists scraped note/comment content, report data, and error details to local files without any explicit consent prompt, warning, retention control, or data-minimization guardrail. In this skill context, the data includes user-generated content and derived identifiers such as stable author hashes, so silent persistence increases privacy, compliance, and accidental exposure risk if the output directory is shared, backed up, or later ingested by other tools.

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.40.0
markdown>=3.5
pytest>=7.0
pytest-mock>=3.0
Confidence
94% confidence
Finding
playwright>=1.40.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.40.0
markdown>=3.5
pytest>=7.0
pytest-mock>=3.0
Confidence
97% confidence
Finding
markdown>=3.5

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.40.0
markdown>=3.5
pytest>=7.0
pytest-mock>=3.0
Confidence
90% confidence
Finding
pytest>=7.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
playwright>=1.40.0
markdown>=3.5
pytest>=7.0
pytest-mock>=3.0
Confidence
93% confidence
Finding
pytest-mock>=3.0

Known Vulnerable Dependency: markdown — 2 advisory(ies): CVE-2025-69534 (Python-Markdown has an Uncaught Exception); CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like se)

High
Category
Supply Chain
Confidence
96% confidence
Finding
markdown

Known Vulnerable Dependency: pytest — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)

Low
Category
Supply Chain
Confidence
78% confidence
Finding
pytest

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal