ClawHub

小红书舆情哨兵

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it can automatically reuse a Xiaohongshu session cookie found in local scripts without a clear per-run opt-in.

Review before installing. Use a dedicated low-privilege Xiaohongshu account, prefer passing XHS_COOKIE explicitly for each run, and remove or protect old xhs-monitor scripts if you do not want this skill to reuse their cookies. Only configure Telegram or WeCom delivery if you are comfortable sending report contents and screenshots to those services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code does more than read the documented XHS_COOKIE environment variable: it scans several local shell-script locations and extracts an exported cookie value from them. That expands the trust boundary and can silently harvest authentication material from unrelated local files, creating unauthorized credential reuse and possible cross-skill secret exposure on shared hosts.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs users to configure authentication cookies and external message delivery channels, but it does not clearly warn that this may transmit account-linked data, scraped content, screenshots, and metadata to third-party services. In context, this is more dangerous because the skill collects platform content and screenshots, then encourages forwarding results via Telegram or WeCom, increasing privacy and data leakage risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal