Skill v1.0.1

ClawScan security

Xiaohongshu note scraping and topic-selection assistant (小红书笔记抓取与选题助手) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 12, 2026, 3:29 PM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill does what its name/description say — it contains scripts to fetch and structure public Xiaohongshu notes and to call TikHub or other search APIs — but it accepts user-provided cookies/tokens and can send data to third-party endpoints, so use caution with secrets and external endpoints.
Guidance
This package appears coherent for scraping and structuring public Xiaohongshu notes, but pay attention to secrets and external endpoints before running:
1) Do not paste full browser cookie strings or session tokens into untrusted environments; they are equivalent to logging in as you.
2) TikHub API calls will send your TikHub token to api.tikhub.io (expected); only use tokens you control and trust the third party.
3) The generic API script (search_notes_generic.py) will call whatever base_url you provide with whatever token/header you give it; avoid pointing it at unknown hosts to prevent accidental secret exfiltration.
4) generate_wow_pack encodes content into a mermaid.ink URL; generating or sharing that URL will upload the encoded content to a third-party service when the URL is resolved.
5) If you run the Playwright scraper, installing Playwright will download browser binaries; run it in a sandbox or environment where you can vet the network activity.
6) Ensure your usage complies with Xiaohongshu's terms, robots.txt, and privacy rules.
If you need to proceed: run locally in an isolated environment, avoid reusing high-privilege session cookies, and inspect outputs before sharing.

Review Dimensions

Purpose & Capability
Status: ok
The name/description (抓取小红书笔记并结构化输出, i.e. scrape Xiaohongshu notes and output them in structured form) aligns with the included files: multiple fetchers (HTTP and Playwright), TikHub API callers, result processors, and export tools. The code and SKILL.md consistently implement search-by-keyword, single/batch URL fetch, and output generation.
Instruction Scope
Status: note
Runtime instructions are narrowly scoped to fetching pages, parsing metadata, and exporting results. They do request user-provided cookie strings/files and API tokens (TikHub or generic endpoints), and they produce optional screenshots/HTML. These are relevant to the stated task but are sensitive inputs (browser cookies/session tokens). The generic adapter (search_notes_generic.py) can call any base_url you supply; that is powerful and can be misused if pointed at a malicious endpoint.
Install Mechanism
Status: note
There is no formal install spec (instruction-only skill), which is low-risk. The repo contains package.json/package-lock and instructs installing Playwright when using the browser-mode scraper; installing Playwright downloads browser binaries (normal for this task but more heavyweight). All downloads referenced are standard registries (npm) and known endpoints (no obscure download URLs in SKILL.md).
Credentials
Status: note
The skill does not declare required env vars and does not require unrelated credentials. It does legitimately require API tokens or cookie files provided by the user to access TikHub or to fetch authenticated pages. Because the generic search script accepts an arbitrary base_url plus token, a misconfigured usage could leak a token to an unintended endpoint; the files and instructions make this possible, but it is user-driven rather than hidden.
Persistence & Privilege
Status: ok
The skill is not always-enabled and does not request elevated persistence. It does not modify other skills or system-wide configs. It runs as invoked and writes output files in the working directory (expected behavior).