follow-xhs
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: follow-xhs
Version: 1.0.0
The skill is a Xiaohongshu (XHS) scraper that requires a sensitive 'web_session' cookie to function. It implements complex, reverse-engineered encryption logic (X-S, X-S-Common, X-B3 signatures) in the 'scripts/request/web/encrypt/' directory to bypass anti-bot protections. A notable security vulnerability exists in 'scripts/request/web/encrypt/config.py', where the 'eval()' function is used to parse values from a local configuration file, which could lead to arbitrary code execution if the configuration is tampered with. While the tool appears to align with its stated purpose of content analysis, the combination of credential handling, unsafe code execution patterns, and anti-scraping bypasses warrants a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may use or expose an existing Xiaohongshu login session, and anyone receiving the package may inherit a credential that should not be shared.
The packaged config contains a non-placeholder Xiaohongshu session cookie value. SKILL.md describes web_session as a login credential, so shipping one creates account-access and credential-leak risk.
"web_session": { "value": "040069b3dee5723cd2f869e7f93b4be9a776c9" }
Remove the bundled session value, rotate the exposed cookie, declare the credential requirement in metadata, and require each user to provide their own credential through a safer per-user secret mechanism.
Providing this value may allow the skill to act through the user’s Xiaohongshu web session and may expose the account to rate limits, verification challenges, or account-security issues.
The skill explicitly asks for a raw login-session cookie and later saves it to config. This is high-impact account access, while registry metadata declares no primary credential or required environment variable.
"web_session is the Xiaohongshu login credential; it must be configured before the search feature can be used."
Only provide a session cookie if you understand the account risk. The publisher should document the exact credential scope, storage location, retention, and revocation steps.
A tampered configuration file could run commands on the user’s machine under the agent’s privileges.
The config parser evaluates configuration values as Python code. If the config file is altered, importing or using the encrypt module could execute arbitrary local code.
return eval(self.config.get(section, key, fallback=fallback))
Replace eval with ast.literal_eval or JSON parsing, and treat configuration as data rather than executable Python.
The agent may modify the local Python environment and fetch current package versions from PyPI.
The skill may install unpinned Python packages during onboarding despite having no install spec. These dependencies are relevant to the stated function, but the install path is under-declared.
If that fails: run `pip install aiohttp loguru pycryptodome getuseragent`
Install dependencies in a virtual environment, pin versions in requirements.txt or an install spec, and review packages before installation.
Using a logged-in session with generated request signatures may trigger platform risk controls or affect the user’s Xiaohongshu account session.
The implementation generates custom Xiaohongshu web API signing headers. This appears related to search/detail retrieval, but users should understand it is using raw web API mechanics rather than a simple official export flow.
Used to generate the X-S encrypted header required for Xiaohongshu API requests
Use a dedicated low-risk account where possible, keep request volume low, and ensure the skill clearly documents its API behavior and limits.
A user may underestimate that search keywords, request metadata, and session-authenticated traffic go to Xiaohongshu services.
The code may run locally, but the skill necessarily sends requests to Xiaohongshu APIs using a session cookie. Users should not interpret this wording as meaning no data leaves the machine.
This skill runs entirely on your local machine.
Clarify that execution is local but network requests are sent to Xiaohongshu, and explain what data is transmitted.
