Back to skill

Security audit

Huo15 Xhs Pgy Test

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for Xiaohongshu PGY blogger research, but it asks agents to handle account credentials and collect sensitive platform analytics without enough safety boundaries.

Review before installing. Use only with an account you are authorized to automate, avoid sharing credentials in plain chat where possible, confirm each login and data-collection run, and treat extracted pricing and audience-demographic reports as sensitive business data. I found no evidence of malware, exfiltration, destructive behavior, or hidden persistence; VirusTotal and static scan were clean.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The alias trigger "pgy" is extremely broad and can match many unrelated user messages, increasing the chance that this credentialed browser-automation skill activates unintentionally. Because the skill performs login and data extraction on a third-party platform, accidental invocation raises the risk of unnecessary credential use and unintended collection of sensitive business or audience data.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description defines activation in very broad terms like searching bloggers or collecting blogger data, without clear scope limits or exclusions. In a skill that logs into a private platform and extracts profile, pricing, and audience analytics, vague activation criteria can cause over-collection and execution in contexts the user did not clearly intend.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill is designed to extract detailed profile, pricing, and audience-demographic data, but it provides no privacy notice, use limitation, or handling guidance. Even if the platform exposes this data to logged-in users, aggregating and reporting it can increase privacy and compliance risk, especially for fan demographics and business-sensitive pricing information.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill requires the user to provide PGY account credentials and then automates login to a third-party service, but it contains no safeguards for secret handling, storage, redaction, or least-privilege use. Credentialed automation materially increases risk because leaked or mishandled credentials could expose the user's account and all accessible creator, pricing, and audience data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The guide explicitly instructs an operator to enter account credentials and then collect detailed blogger/profile analytics, but it provides no safeguards for secret handling, least-privilege use, storage limits, or restrictions on sensitive data extraction. In an agent-skill context, this is dangerous because automation around login flows and bulk profile extraction can expose account credentials and regulated or proprietary platform data through logs, prompts, screenshots, reports, or downstream systems.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.