Back to skill
Skillv1.0.0
ClawScan security
CP skill test 123456 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 1, 2026, 5:50 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and behavior match its stated purpose (publishing long posts to Xiaohongshu via the web creator) and it does not request extra credentials or install code.
- Guidance
- This skill appears coherent and low-risk. Before installing, confirm you are comfortable with the agent using the OpenClaw built-in browser session to publish on your behalf (it will post under whichever Xiaohongshu account is logged in). Ensure the correct account is signed in, review and provide the post title/content when invoking the skill, and avoid granting any unrelated credentials. Because the instructions are high-level clicks, test with a draft or a throwaway account first to verify behavior.
Review Dimensions
- Purpose & Capability
- okName/description match the SKILL.md: all actions are browser-based interactions with the Xiaohongshu creator site. The skill requests no unrelated binaries, env vars, or installs, which is proportionate for a web UI automation skill.
- Instruction Scope
- noteInstructions direct the agent to open the official creator URL and perform UI actions (click title, input content, choose template, publish). They do not instruct reading arbitrary files or environment secrets. They are somewhat high-level/interactive and do not specify how the content is supplied to the agent (assumed from user prompt or agent context).
- Install Mechanism
- okNo install spec and no code files (instruction-only). This is low-risk: nothing is downloaded or written to disk.
- Credentials
- noteThe skill requests no environment variables or credentials, which is appropriate. It does rely on the OpenClaw built-in browser session being logged into Xiaohongshu — the skill will act under whatever account is signed in, so account/session context matters.
- Persistence & Privilege
- notealways:false and user-invocable:true (normal). The agent may be invoked autonomously by default; because the skill can publish using the active browser session, users should be aware that invocations can create posts in the signed-in account if triggered.