follow-xhs
Status: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill’s Xiaohongshu search purpose is coherent, but it handles raw login cookies unsafely, ships a non-placeholder session value, and contains unnecessary dynamic code execution.
Review this carefully before installing. Do not use the bundled web_session value, rotate it if it belongs to you, and only provide your own Xiaohongshu session cookie if you are comfortable with the skill storing and using it. Prefer a virtual environment for dependencies, and avoid using a primary account until the eval-based config parsing and credential handling are fixed.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use or expose an existing Xiaohongshu login session, and anyone receiving the package may inherit a credential that should not be shared.
The packaged config contains a non-placeholder Xiaohongshu session cookie value. SKILL.md describes web_session as a login credential, so shipping one creates account-access and credential-leak risk.
"web_session": { "value": "040069b3dee5723cd2f869e7f93b4be9a776c9" }
Remove the bundled session value, rotate the exposed cookie, declare the credential requirement in metadata, and require each user to provide their own credential through a safer per-user secret mechanism.
Providing this value may allow the skill to act through the user’s Xiaohongshu web session and may expose the account to rate limits, verification challenges, or account-security issues.
The skill explicitly asks for a raw login-session cookie and later saves it to config. This is high-impact account access, while registry metadata declares no primary credential or required environment variable.
"web_session is the Xiaohongshu login credential; it must be configured before the search feature can be used."
Only provide a session cookie if you understand the account risk. The publisher should document the exact credential scope, storage location, retention, and revocation steps.
A tampered configuration file could run commands on the user’s machine under the agent’s privileges.
The config parser evaluates configuration values as Python code. If the config file is altered, importing or using the encrypt module could execute arbitrary local code.
return eval(self.config.get(section, key, fallback=fallback))
Replace eval with ast.literal_eval or JSON parsing, and treat configuration as data rather than executable Python.
The agent may modify the local Python environment and fetch current package versions from PyPI.
The skill may install unpinned Python packages during onboarding despite having no install spec. These dependencies are relevant to the stated function, but the install path is under-declared.
If that fails, run `pip install aiohttp loguru pycryptodome getuseragent`
Install dependencies in a virtual environment, pin versions in requirements.txt or an install spec, and review packages before installation.
Using a logged-in session with generated request signatures may trigger platform risk controls or affect the user’s Xiaohongshu account session.
The implementation generates custom Xiaohongshu web API signing headers. This appears related to search/detail retrieval, but users should understand it is using raw web API mechanics rather than a simple official export flow.
Used to generate the X-S encrypted header required for Xiaohongshu API requests
Use a dedicated low-risk account where possible, keep request volume low, and ensure the skill clearly documents its API behavior and limits.
A user may underestimate that search keywords, request metadata, and session-authenticated traffic go to Xiaohongshu services.
The code may run locally, but the skill necessarily sends requests to Xiaohongshu APIs using a session cookie. Users should not interpret this wording as meaning no data leaves the machine.
This skill runs entirely on your local machine.
Clarify that execution is local but network requests are sent to Xiaohongshu, and explain what data is transmitted.
