Xiaohongshu Customized Creation (小红书定制化创作)

Security checks across malware telemetry and agentic risk

Overview

This is a real Xiaohongshu posting skill that fits its purpose, but it can publish through a logged-in account and write to Feishu without a clear final approval step or logging scope.

Install only if you want an agent to publish real Xiaohongshu posts using your logged-in creator account. Before using it, require a final confirmation of the active account, exact post content, media, title, tags, and whether a Feishu record should be written; specify the Feishu destination or disable that step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README describes a workflow that culminates in publishing content to an external platform but does not warn that this action changes external account state or may disclose user-provided content. In an agent setting, missing disclosure and confirmation requirements can lead to unintended posting, privacy issues, or reputational harm if the automation acts on the user's behalf.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases are broad natural-language requests that overlap with ordinary user intent to 'post to Xiaohongshu,' which can cause the skill to activate and perform a real publishing workflow without an adequately explicit confirmation boundary. In this context, the skill drives actions on a logged-in creator account, so accidental invocation can lead to unintended publication of content under the user's identity.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill description and workflow do not clearly warn that the skill will carry out a real external side effect by publishing content on the user's Xiaohongshu account. Because the documented prerequisites assume an already logged-in browser session, a user may not appreciate that invoking the skill can immediately post publicly, creating account, privacy, brand, or compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.