Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

xiaohongshu-publish-skill

v1.0.0

Xiaohongshu (RedNote/小红书) automation skill for content publishing and engagement. Publish image-text notes via the xhs API using cookies, and simulate browse...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability (flagged)
The skill's name/description match the included Python scripts (publish_xhs.py and interact_xhs.py) and Playwright usage. However the registry metadata lists no required environment variables or primary credential, while SKILL.md and the code clearly require an XHS_COOKIE in a .env file for publishing. That metadata omission is an incoherence — the skill legitimately needs a sensitive cookie but does not declare it to the registry.
Instruction Scope (flagged)
SKILL.md instructs the agent/operator to create a .env with XHS_COOKIE, to run setup.sh to create a venv and install dependencies, and to use xhs_browser_data/ for persistent browser login data. The instructions therefore direct the agent to read local files (.env, images), persist browser profile data under the skill directory, and perform network calls. Those actions are coherent with the stated purpose, but they reference sensitive local state (cookies, browser profile) that the metadata did not declare — a scope/visibility mismatch that should be clarified.
Install Mechanism
There is no automated install spec in the registry, but the package includes a setup.sh that creates a Python venv and runs pip install -r requirements.txt (xhs, playwright, python-dotenv, requests) and installs Playwright Chromium. Installing from PyPI and downloading browser binaries is expected for this skill but carries the usual supply-chain risk of third-party packages. No arbitrary remote archives or URL shorteners are used.
Credentials (flagged)
Functionality requires a full XHS_COOKIE (including a1 and web_session) and a persistent browser profile directory; those are proportionate to publishing and webpage simulation. The problem is the skill metadata did not declare any required environment variables or primary credential despite the code depending on XHS_COOKIE. Requesting a long-lived session cookie is sensitive because it effectively grants full account access; the skill does not request unrelated credentials, but the missing declaration is concerning.
Persistence & Privilege
The skill does not set always: true and does not claim elevated platform privileges. It uses a persistent Playwright user_data_dir stored under the skill (xhs_browser_data/) to retain login sessions; this is normal for browser automation but implies persistent local profile data is created and reused.
What to consider before installing
- The skill requires a full Xiaohongshu session cookie (XHS_COOKIE) stored in a .env file; this is sensitive and grants account-level actions (publish posts, comment). Only use it with accounts you trust (consider a throwaway/test account).
- The registry metadata did NOT declare this required credential — that mismatch is a red flag. Ask the publisher/maintainer (or the registry) to update the metadata to declare XHS_COOKIE as a required credential.
- The skill installs Python packages from PyPI (including an 'xhs' package) and downloads Chromium via Playwright. Review those package origins and versions if you are concerned about supply-chain risk.
- The skill will create and persist browser profile data under xhs_browser_data/ inside the skill directory. If you want isolation, run it in a sandboxed VM or container and avoid storing cookies on shared systems.
- Read the included scripts (publish_xhs.py and interact_xhs.py) yourself (they are present and transparent). They do not contain hidden remote endpoints or obfuscated exfiltration code, but they perform network calls to Xiaohongshu and will use your cookie to act as your account.
- If you plan to proceed:
  1. test with a non-production account;
  2. rotate or revoke the cookie after use if you used a real account;
  3. consider running the skill in an isolated environment;
  4. ask the publisher to correct the registry metadata to list XHS_COOKIE as a required credential so the risk is visible up front.
