Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
xiaohongshu-matrix-manager
v1.0.0小红书矩阵系统 API 调用工具,集成红薯矩阵平台(hongshujuzhen.com)。支持:搜索小红书笔记、获取笔记详情、发布图文笔记、查询账号列表、查询 API 使用统计、批量管理小红书账号。触发词:小红书、xhs、笔记搜索、发布小红书、API 调用、红薯矩阵。
⭐ 1· 93·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name and description match the included API documentation: it is a client for the '红薯矩阵' (redapi.cn) endpoints (search, note detail, publish, accounts, usage). Requesting an API key from that platform is expected for this purpose. However, the skill metadata declares no required credentials or primaryEnv even though the SKILL.md and api.md clearly state authentication via X-API-Key (or ?api_key). Also the SKILL.md lists using Python 'requests' via exec but the manifest lists no required binaries or runtime requirements (e.g., python, requests), which is inconsistent.
Instruction Scope
Runtime instructions tell the agent to 'use exec tool to execute Python requests' and point to code samples in references/api.md. That grants the agent the ability to run arbitrary shell/python commands—broader than a simple HTTP wrapper. The instructions do not constrain what code to run, nor do they document safe handling of API keys. Additionally, all example requests use plain HTTP (http://redapi.cn), which would expose API keys and payloads in transit.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code. That minimizes on-disk risk (no downloaded archives or install scripts).
Credentials
The API requires an API key (X-API-Key or api_key) per SKILL.md and references/api.md, but the skill metadata declares no required environment variables or 'primary credential'. This mismatch means the agent may prompt for credentials ad hoc or embed them in exec calls, increasing risk. Also the use of HTTP (not HTTPS) may leak that credential in transit.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global agent settings. It uses normal autonomous-invocation defaults (disable-model-invocation:false), which is expected.
What to consider before installing
Before installing, consider the following:
- The skill documentation requires an API key for redapi.cn but the skill metadata does not declare any required credential — ask the publisher to add a declared primaryEnv (e.g., REDAPI_API_KEY) so you know where and how the key will be supplied.
- The SKILL.md instructs the agent to run Python via exec. Running arbitrary exec'd code can do much more than HTTP requests; prefer a skill that uses a constrained HTTP client call rather than executing arbitrary scripts.
- The API examples use plain HTTP (http://redapi.cn). That will expose your API key and data in transit. Do not supply sensitive credentials unless you confirm the service supports HTTPS and you trust the endpoint.
- Verify the legitimacy of hongshujuzhen/redapi.cn independently (official site, TLS, privacy policy). If you proceed, test in a sandbox account with a low‑privilege API key first.
- Ask the publisher for clarifications: (1) a declared env var name for the API key, (2) explicit guidance on required runtimes (python/requests) or a non-exec HTTP implementation, and (3) confirmation that HTTPS is supported. If they cannot or will not provide those, treat the skill as higher risk.Like a lobster shell, security has layers — review code before you run it.
latestvk97029tzrsq7n99wfzy6h0qt9h83gc89
License
MIT-0
Free to use, modify, and redistribute. No attribution required.