XHS Research Daily

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Xiaohongshu research digest tool with an explicit publish mode, but users should treat publishing as a real public account action.

Install only if you intend to use a logged-in Xiaohongshu account for research collection and possible posting. Keep runs in --dry-run mode until the generated draft and target account are reviewed, avoid enabling the provided cron publish example without operational controls, and consider redacting command errors if xsec_token values may appear in logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill description says it can publish content back to Xiaohongshu, but it does not prominently warn that this is an external side effect using the user's logged-in account to create public content. In an agent setting, unclear disclosure around public posting can lead to accidental publication, reputational harm, or unauthorized actions on a real account.

Missing User Warnings

Medium
Confidence: 92%
Finding
The pipeline can publish generated content directly to Xiaohongshu when `publish=True`, but this file shows no confirmation gate, dry-run safeguard, or user-visible approval step before sending content to an external platform. In an automation skill whose purpose explicitly includes optional publishing, this creates a real risk of unintended posting, reputational harm, and leakage of synthesized or misconfigured content if the flag is enabled by another component or operator error.

Missing User Warnings

Medium
Confidence: 87%
Finding
The client passes xsec_token into an external mcporter subprocess as part of the expr argument, which can expose sensitive tokens to process inspection, logs, crash reports, or error messages. In this codebase, _run also includes expr in raised exceptions, increasing the chance that the token is disclosed if the subprocess fails.

Missing User Warnings

Medium
Confidence: 89%
Finding
publish_content performs a real external side effect—posting content back to Xiaohongshu—without any confirmation, policy gate, or visible warning in the client code. In an automation skill that collects and republishes content, this increases the chance of accidental posting, unauthorized publication, or misuse if upstream input is compromised.

VirusTotal

65/65 vendors flagged this skill as clean.