follow-xhs

The skill may use or expose an existing Xiaohongshu login session, and anyone receiving the package may inherit a credential that should not be shared.

The packaged config contains a non-placeholder Xiaohongshu session cookie value. SKILL.md describes web_session as a login credential, so shipping one creates account-access and credential-leak risk.

Providing this value may allow the skill to act through the user’s Xiaohongshu web session and may expose the account to rate limits, verification challenges, or account-security issues.

The skill explicitly asks for a raw login-session cookie and later saves it to config. This is high-impact account access, while registry metadata declares no primary credential or required environment variable.

A tampered configuration file could run commands on the user’s machine under the agent’s privileges.

The config parser evaluates configuration values as Python code. If the config file is altered, importing or using the encrypt module could execute arbitrary local code.

The agent may modify the local Python environment and fetch current package versions from PyPI.

The skill may install unpinned Python packages during onboarding despite having no install spec. These dependencies are relevant to the stated function, but the install path is under-declared.

Using a logged-in session with generated request signatures may trigger platform risk controls or affect the user’s Xiaohongshu account session.

The implementation generates custom Xiaohongshu web API signing headers. This appears related to search/detail retrieval, but users should understand it is using raw web API mechanics rather than a simple official export flow.

A user may underestimate that search keywords, request metadata, and session-authenticated traffic go to Xiaohongshu services.

The code may run locally, but the skill necessarily sends requests to Xiaohongshu APIs using a session cookie. Users should not interpret this wording as meaning no data leaves the machine.