Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xiaohongshu Assistant

v1.0.0

Xiaohongshu operations assistant. Supports copy generation, title optimization, hashtag recommendation, and posting-time suggestions.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description and SKILL.md focus on content generation (copy, titles, tags, posting time). However, the repository includes xhs_publisher.py and xhs_accounts.py, which implement automated publishing, make subprocess calls to external scripts, and read/write account files. That extra functionality is not needed for a pure copywriting assistant and expands the capability set beyond the stated purpose.
Instruction Scope
SKILL.md itself is instruction-only and describes generation templates and safe manual publishing, but it references scripts and resources (scripts/generate_copy.py, scripts/optimize_title.py, references/*.md) that are not present in the file manifest. The runtime code (xhs_publisher.py) instructs subprocess.run to call external Python scripts in an external 'XiaohongshuSkills' repo (a path that walks up directories). This means if those external scripts exist on the host, the skill code could run them — a broader scope than the prose indicates.
Install Mechanism
There is no install spec and no network/download in the manifest. That's low-risk from an installer perspective; nothing in the skill attempts to fetch remote archives during install.
Credentials
The skill declares no required environment variables or credentials, which is consistent with a copywriting assistant. However, xhs_publisher and xhs_accounts expect local account/token files (e.g., xhs_accounts.json, posts.json) and accept tokens/xsec_token arguments. Those could be used to store or consume credentials outside the declared manifest; the skill does not explicitly request them but the code supports credential storage and passing to external scripts.
Persistence & Privilege
The skill is not set always:true and does not modify other skills. It does read and write local files (accounts/posts JSON) under its directory, which is reasonable for local drafts/account metadata, but it also constructs paths that go up three levels to reach an external 'XiaohongshuSkills' repo — that cross-directory access is worth attention.
What to consider before installing
This skill's documentation and SKILL.md are consistent with a simple, safe content generator, but the included code contains account management and a 'publisher' module that invokes external Python scripts via subprocess and looks for a sibling/parent 'XiaohongshuSkills' repository. Before installing or running:
1) If you only want copy generation, avoid importing or executing xhs_publisher.py and xhs_accounts.py; use only xiaohongshu_assistant.py and templates.py.
2) Inspect any external scripts referenced (the XHS_SKILLS_DIR path). If those scripts exist on your machine, they would be executed by the publisher functions.
3) Remove or sandbox the publisher/account modules (or delete them) if you don't want any automatic publishing or credential storage.
4) Do not run publish/login functions unless you trust and have inspected the external XiaohongshuSkills scripts and understand what tokens or cookies they require.
These mismatches could be benign leftover code, but they increase risk; manual review and disabling of the publisher paths is recommended.


latest · vk9726ekf78nnmygtfashrzf8r583y1dw
