Trust Assessment
Xiaohongshu Uploader received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary File Read/Upload via Skill Input, Cookie Path Override via Environment Variable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary File Read/Upload via Skill Input.** The `upload` function directly uses `args.files` (which originates from untrusted user input) with `setInputFiles` without any validation of file paths or types. This allows an attacker to specify arbitrary file paths on the host system (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) for the skill to read and attempt to upload to Xiaohongshu. This constitutes a severe data exfiltration and excessive permissions vulnerability. Implement strict validation on `args.files`. Only allow files from a designated, sandboxed upload directory. Validate file extensions and MIME types to ensure they are legitimate images or videos. Prevent path traversal attacks (e.g., `../`). Ideally, the skill should receive file content or secure file handles rather than arbitrary paths. | LLM | optimized_xiaohongshu.ts:77 |
| HIGH | **Cookie Path Override via Environment Variable.** The `COOKIE_PATH` variable, used for storing and loading session cookies, can be overridden by the `XHS_COOKIE_PATH` environment variable. This allows an attacker, if they can control the environment variables of the skill's execution process, to redirect the cookie storage to an arbitrary location. This could lead to data exfiltration of session cookies or interference with the skill's operation by providing a malicious cookie file. Restrict the `COOKIE_PATH` to a secure, skill-controlled directory relative to the skill's root. Disallow arbitrary environment variable overrides for sensitive paths, or implement robust validation to ensure any provided path remains within the skill's designated data directory and does not allow for path traversal. | LLM | optimized_xiaohongshu.ts:13 |