Xiaohongshu Browser
v1.2.1Browse Xiaohongshu (小红书) and take screenshots of posts. Supports keyword search, post modal screenshots, and returns post links. Requires prior manual login.
⭐ 1· 82·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (browse Xiaohongshu, search, screenshot) match the provided Python scripts which use Playwright to open the site, persist login state under ~/.openclaw/xhs_data, perform searches, click posts, and take screenshots. Required binary is only python, which is appropriate.
Instruction Scope
SKILL.md instructions align with the scripts' behavior (manual login via xhs_open.py, then automated search via xhs_search.py). Minor inconsistencies: SKILL.md's '注意事项' states '使用无头浏览器(headless),不会弹出窗口', but xhs_open.py launches a visible browser (headless=False) for manual login while xhs_search.py runs headless. SKILL.md mentions xsec_token for direct post access but the scripts do not extract or transmit tokens. Overall the instructions do not ask the agent to read unrelated system files or exfiltrate data to external endpoints.
Install Mechanism
No automated install spec included; SKILL.md instructs the user to pip install playwright and run 'playwright install chromium'. This is a standard, user-run setup and no arbitrary remote archives or installers are pulled by the skill itself.
Credentials
The skill requests no environment variables or external credentials. It writes and reads state under the user's HOME (~/.openclaw) including storage_state (xhs_auth.json) and a user-data directory (xhs_data) which will contain cookies/session data — this is expected for persistent logins but is sensitive (can be used to access the account). The amount of access is proportionate to the task but users should be aware of privacy risks of saved web auth state.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. It stores its own files under ~/.openclaw and does not modify other skills or system-wide agent settings. Autonomous invocation remains enabled by default, but that is platform normal behavior and not abused here.
Assessment
This skill appears to do what it says: it automates a browser to let you manually log in once and then perform headless searches and screenshots. Before installing/running: 1) manually install Playwright and review the installation commands in SKILL.md; 2) understand that the skill saves login/session data under ~/.openclaw (xhs_data and xhs_auth.json) — anyone with access to those files could reuse the session, so don't run on an untrusted or shared machine; 3) note the documentation mismatch: xhs_open.py opens a visible browser for manual login (not headless), while xhs_search.py runs headless; follow the login step as documented; 4) the tool may trigger site anti-bot protections (the script includes retry waits), and scraping may violate Xiaohongshu terms — proceed accordingly. If you need the skill to avoid persistent login state, do not permit it to write ~/.openclaw or periodically delete the saved auth files.Like a lobster shell, security has layers — review code before you run it.
latestvk975xxyxk533g7r0fvsfq3dng98444c9scrapingvk975xxyxk533g7r0fvsfq3dng98444c9screenshotvk975xxyxk533g7r0fvsfq3dng98444c9social-mediavk97e5srtp4v55qqfb8d7235nxd841wgjxiaohongshuvk975xxyxk533g7r0fvsfq3dng98444c9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython