Xiaohongshu Assistant Operator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is transparent about operating one Xiaohongshu account, but it automates public posting/commenting and includes algorithm-suspicion avoidance without clear approval controls.
Install only if you are authorized to operate the named Xiaohongshu account. Use draft-only or confirmation-before-publish controls, avoid platform-evasion behavior, keep a clear stop condition for scheduled cycles, and review any optional helper script before running it.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
60/60 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could post promotional content and reply publicly from the creator account, affecting reputation, followers, and account standing.
This directs the agent to take public account actions immediately on trigger, but the artifacts do not require user preview or approval before publishing posts or interacting with comments.
When manually triggered:
- Execute one full daily cycle
- Publish 3 posts
- Run 1 interaction cycle
Require explicit user approval for each draft post and comment before publishing, and consider running in draft-only mode by default.
If connected to an active Xiaohongshu session, the agent may act with the creator account’s privileges.
The skill is explicitly tied to a specific creator account and includes publishing and comment-management duties, which require delegated account authority even though no credential boundary is defined in the artifacts.
This skill operates as the exclusive AI assistant for the Xiaohongshu creator:
> Bu Zhuan Dao Da Mo Xing Bu Gai Ming
> Xiaohongshu ID: 4740535877
Use only with clear authorization from the account owner, a dedicated scoped login/session if possible, and clear procedures for revocation and audit.
Using the skill could violate platform expectations or increase account risk if the platform treats the activity as undisclosed automation or spam-like marketing.
The skill includes an explicit goal of reducing platform algorithmic suspicion, which suggests the automation may be tuned to avoid detection rather than simply to help the user review and publish content.
- Build engagement
- Reduce algorithmic suspicion
- Avoid aggressive promotion
Confirm the automation complies with Xiaohongshu rules, avoid evasion-oriented tactics, and disclose or constrain automated activity where required.
A misconfigured or over-trusted agent could keep posting or interacting after the user expected only a limited task.
The skill defines recurring daily posting and interaction behavior. No executable scheduler is included, but if an agent follows these instructions, it may continue producing public actions across the day without repeated user confirmation.
Default Daily Cadence:
Posts:
- Morning
- Afternoon
- Evening
Interactions:
- 3 evenly spaced cycles
Set an explicit stop condition, require approval for scheduled actions, and log every attempted post/comment cycle.
If a user later adds or downloads the missing helper script, that code could affect publishing behavior.
The skill references an optional publishing utility that is not included in the provided files. This is not suspicious by itself, but any separately obtained helper script would need review before use.
Optional deterministic utilities:
- publish_strict.py
Do not run any external or later-supplied publish_strict.py unless it is reviewed and comes from a trusted source.
