arXiv XHS Daily

Security checks across malware telemetry and agentic risk

Overview

This skill appears to support publishing paper summaries to Xiaohongshu, but it can use local account configuration to publish externally without a clear built-in approval step.

Install only if you intentionally want an agent to prepare and publish content to Xiaohongshu using your local account setup. Review the generated title, body, images, destination account, and config path before any publish run, and prefer a dry-run or draft workflow until the skill adds an explicit approval gate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill describes and instructs use of capabilities including network access, file read/write, shell execution, and environment-dependent publishing, but it does not declare any permissions. This creates a transparency and policy-enforcement gap: users or orchestration systems may treat the skill as lower risk than it actually is, increasing the chance of unintended filesystem changes, external network access, or account-backed posting actions.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The code loads configuration from an environment variable or fixed local path and then invokes an external publishing CLI capable of posting content to Xiaohongshu. In this skill's context, that creates a real capability for unintended or unauthorized publication if the environment/config is altered or if downstream callers pass untrusted content into the publishing path.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
This code path performs a real external side effect—publishing content—without any built-in confirmation, warning, or disclosure mechanism. In an automation skill that converts paper summaries into social posts, the lack of friction increases the risk of accidental posting, misuse by upstream prompt injection, or publication of unreviewed content under the user's account.

VirusTotal

66/66 vendors flagged this skill as clean.