Xiaohongshu Post (Browser Auto)

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its Xiaohongshu publishing purpose, but browser mode lets an external or local LLM inspect logged-in page HTML and drive browser actions, which deserves careful review.

Use draft or API mode when possible. If you use browser mode, prefer a local/self-hosted analyzer, use a dedicated Xiaohongshu account, verify every post before publishing, protect ~/.openclaw/xhs-browser, and install dependencies in an isolated environment.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A misleading or changed web page could steer the automation toward unintended clicks or navigation while the user is logged in.

Why it was flagged

The LLM is asked to interpret live page content and return the next browser action, selector, and optional URL. If page content contains misleading instructions, the model could treat them as guidance for the automation.

Skill content
页面内容:
---
{page_content}
---
... "next_action": "wait_for_scan | goto_publish | click_new_note | fill_note | upload_images | done | user_action_required", ... "selector": ... "url": ...
Recommendation

Constrain the model output to a strict allowlist of actions, selectors, and Xiaohongshu-only URLs, and add an explicit human confirmation before any final publish action.

What this means

The skill could click the wrong control or perform an unintended account action if the model returns an unsafe selector.

Why it was flagged

The browser automation path shown directly clicks a selector returned by the page-analysis model. That gives model output practical control over actions taken in the logged-in browser.

Skill content
selector = result.get('selector')
if selector:
    page.locator(selector).first.click(timeout=3000)
Recommendation

Validate selectors against a narrow allowlist, avoid model-supplied arbitrary selectors, and require user review for actions that publish or modify account content.

What this means

Logged-in page content, including account or backend data not fully removed by sanitization, may be sent to a third-party model provider.

Why it was flagged

The analyzer collects the current page HTML and sends it to an OpenAI-compatible model endpoint, defaulting to DashScope unless configured otherwise.

Skill content
html = page.content()
...
prompt = ANALYZER_PROMPT.format(page_content=page_content)
...
BAILIAN_BASE_URL = "https://coding.dashscope.aliyuncs.com/v1"
...
client.chat.completions.create(
Recommendation

Prefer the documented local/self-hosted analyzer option, avoid configuring external analyzer keys for sensitive accounts, and minimize or redact page data before model calls.

What this means

Anyone or any process with access to that profile directory may be able to reuse the logged-in Xiaohongshu session.

Why it was flagged

Browser mode keeps a persistent Xiaohongshu login profile so it can act as the user in future runs.

Skill content
Login state is saved in `~/.openclaw/xhs-browser`; do not delete it.
Recommendation

Use a dedicated posting account if possible, protect the profile directory, and delete or rotate the session when you no longer need browser automation.

What this means

Future dependency versions may behave differently from the version the skill author tested.

Why it was flagged

The skill relies on external Python packages with broad minimum versions and no lockfile in the provided artifacts.

Skill content
playwright>=1.40.0
openai>=1.0.0
Recommendation

Install in a virtual environment and pin reviewed dependency versions before using the browser automation.