xiaohongshu-create

Security checks across malware telemetry and agentic risk

Overview

This is a simple instruction-only Xiaohongshu publishing helper, with the main risk being accidental public posting if the user lets it proceed.

Install only if you are comfortable letting an agent operate a logged-in Xiaohongshu creator session. Before any final publish click, review the target account, text, generated image or uploaded media, title, tags, and any Feishu recording step.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README documents a workflow that culminates in publishing user content, but it does not warn that invoking the skill can perform a data-affecting external action. This can lead users or downstream agents to trigger posting without clear confirmation boundaries, increasing the risk of unintended publication, privacy leakage, or reputational harm.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal