Xiaohongshu Hotspot Writer1

Security checks across malware telemetry and agentic risk

Overview

This is a narrow Chinese drafting helper that fetches one public trends page and outputs Xiaohongshu copy in chat.

Install this if you want a Chinese Xiaohongshu AI-hotspot drafting assistant and are comfortable with it fetching the listed public TopHub page. Use explicit prompts to avoid accidental activation, and review generated posts for factual accuracy before publishing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger examples are broad enough that common user requests like '今日AI热点' or '帮我写小红书' could invoke this skill even when the user did not intend to browse TopHub or generate this specific style of content. That can cause unintended tool use, irrelevant responses, and prompt-routing errors, especially in environments with multiple overlapping skills.

Natural-Language Policy Violations

Medium

Confidence: 88% confidence
Finding: The skill is written to always operate in Chinese and produce Chinese-language output without checking the user's language preference. This can override user intent, degrade usability, and in multilingual deployments may cause miscommunication or incorrect content generation rather than a direct security compromise.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal