小红书
Warn
Audited by ClawScan on May 10, 2026.
Overview
This XiaoHongShu tool is mostly consistent with its stated purpose, but it can use and log an account session cookie, perform account-changing likes/follows, and contains unsafe dynamic code execution.
Treat this as an unofficial XiaoHongShu scraper/interactor. Use guest mode for read-only tasks, avoid providing your main web_session cookie, do not share logs, require confirmation before likes/follows, and consider patching the cookie logging and eval-based config parsing before running it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If logs are saved or shared, the user's session cookie could be exposed and potentially used to access the account or act as the user.
The code retrieves the session cookie and includes the raw web_session value in log messages on some error paths. A web_session cookie can authenticate the user's XiaoHongShu account.
`web_session = cookies_dict.get('web_session')` ... `logger.warning(f"掉线 | {web_session} | web_session 登录超时 | {logger_info}")`
Do not share logs from this skill. Remove or mask web_session from all logging, rotate the cookie if exposed, and prefer a low-privilege or test account.
An agent could change the user's public/social XiaoHongShu account activity if it uses an authenticated session in a broad task.
The skill exposes account-mutating social actions, but the instructions do not require explicit user confirmation before following users or liking posts.
**Follow a user:** `res = await xhs_session.apis.user.follow_user(user_id)` ... **Like a note:** `res = await xhs_session.apis.note.like_note(note_id)`
Use guest/read-only mode by default. Require explicit user approval for every follow or like action, and show the exact target before execution.
Using the tool this way may violate platform rules, trigger account/IP restrictions, or encourage automation beyond what the user intended.
The documentation suggests using a proxy to change exit IPs when XiaoHongShu risk controls are triggered, and the skill also advertises automatic handling of anti-abuse/encryption parameters.
Frequently triggering risk controls (e.g. 461)? Try switching the exit IP.
Respect platform terms and rate limits. Do not use the skill to bypass risk controls, and keep scraping/interaction tasks narrowly scoped and user-approved.
If the bundled config is modified or replaced, running the skill could execute unintended local Python code.
Configuration values are executed as Python code whenever read. Parsing strings, lists, and dictionaries from a config file does not require eval.
`return eval(self.config.get(section, key, fallback=fallback))`
Replace eval with ast.literal_eval or explicit typed parsing, and review the bundled config before use.
It is harder for a user to verify the origin, maintenance status, or trustworthiness of the implementation.
The skill has limited provenance information despite containing substantial Python code that handles cookies and network requests.
Source: unknown; Homepage: none
Install only from a source you trust, review the code and dependencies, and avoid using a primary account cookie unless necessary.
