Xiaohongshu Assistant
Security checks across malware telemetry and agentic risk
Overview
The visible assistant mostly generates Xiaohongshu copy, but the package also includes under-declared code for logging in, publishing, commenting, and liking despite claiming those features were removed.
Install only if you intend to use it as a copywriting assistant and are comfortable removing or ignoring the bundled publisher/account modules. Do not provide Xiaohongshu login/session access or run xhs_publisher.py unless you have reviewed the external XiaohongshuSkills scripts and require explicit confirmation before any publish, comment, like, or bookmark action.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this code is invoked, it could post to a user's Xiaohongshu account without the manual review workflow the README recommends.
This module can perform an actual headless publish to Xiaohongshu rather than only generate copy; the README says automatic publishing is removed/disabled.
def publish(title, content, images=None, account="default", preview=False): ... "--title", title, "--content", content ... else: cmd.append("--headless")
Remove the publisher module from the skill package or clearly document it as an optional high-impact capability with explicit user confirmation and preview-only defaults.
The skill package may use or affect logged-in Xiaohongshu account sessions if the publisher/login helpers are called.
The code includes account login/session handling paths, while the registry declares no credentials or required config and the README says account automation is disabled.
def login(account="default"): ... cmd = ["python", str(LOGIN_SCRIPT), "login", "--account", account]
Declare any account/session requirements in metadata, scope them narrowly, and require explicit user approval before any login or account action.
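The two recommendations above (preview-only defaults, explicit confirmation before any publish or login) can be enforced in the wrapper itself rather than left to the README. The following is an added example written for this report, not the skill's own xhs_publisher.py: the helper location under vendor/, the --account and --image flags and the set of action verbs are assumptions; --title, --content and --headless are the flags quoted in the finding.

```python
"""Preview-by-default, confirmation-gated wrapper for account actions.
Added example for this report, not the skill's xhs_publisher.py. The helper path,
the --account/--image flags and the action verbs are assumptions; --title,
--content and --headless are the flags quoted in the report."""
import shlex
import subprocess
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Optional, Sequence

# Assumption: the helper is vendored inside the package, not a sibling directory.
PUBLISH_SCRIPT = Path("vendor") / "publish_pipeline.py"

# Every verb that touches the logged-in account, not only publishing.
HIGH_IMPACT = frozenset({"publish", "comment", "like", "bookmark", "login"})


@dataclass(frozen=True)
class Outcome:
    action: str
    argv: tuple      # exact command that was (or would have been) run
    executed: bool   # False for a preview or a refusal


def build_argv(action, account="default", title="", content="",
               images: Sequence[str] = (), headless=False) -> tuple:
    """Assemble the helper invocation without running it."""
    if action not in HIGH_IMPACT:
        raise ValueError(f"unknown account action {action!r}")
    argv = ["python", str(PUBLISH_SCRIPT), action, "--account", account]
    if title:
        argv += ["--title", title]
    if content:
        argv += ["--content", content]
    for img in images:
        argv += ["--image", img]
    if headless:
        argv.append("--headless")
    return tuple(argv)


def run_action(action, *, preview=True,
               confirm: Optional[Callable[[str], bool]] = None,
               runner: Callable[..., object] = subprocess.run, **kwargs) -> Outcome:
    """preview=True (the default) never spawns anything: it returns the command the
    user would be approving. A live run additionally needs a confirm callback that
    is shown the exact command line and returns True; a missing or declining
    callback is a refusal, not a silent run. runner is injectable so callers and
    tests can stub out the subprocess."""
    argv = build_argv(action, headless=not preview, **kwargs)
    if preview:
        return Outcome(action, argv, executed=False)
    if confirm is None or not confirm(shlex.join(argv)):
        return Outcome(action, argv, executed=False)
    runner(list(argv), check=True)
    return Outcome(action, argv, executed=True)
```

The confirm hook is where the full command line is shown to the user before anything touches the account; refusing when the hook is absent means a caller that forgets to wire it up cannot publish by accident.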
If a sibling XiaohongshuSkills directory exists, this skill could run unreviewed external automation code with the user's account context.
The publisher depends on scripts outside the provided package, so the code that would handle login and publishing is not reviewed, pinned, or declared by the install spec.
XHS_SKILLS_DIR = Path(__file__).parent.parent.parent / "XiaohongshuSkills"; PUBLISH_SCRIPT = XHS_SKILLS_DIR / "scripts" / "publish_pipeline.py"; LOGIN_SCRIPT = XHS_SKILLS_DIR / "scripts" / "cdp_publish.py"
Vendor or pin the helper code, include it in the reviewed manifest, or remove the external execution path entirely.
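Pinning the helper code means more than copying it into the package: the loader has to refuse a script that resolves outside the package root, one that is not in the reviewed manifest, and one whose contents no longer match the pinned digest. The following is an added example written for this report, not the skill's code; the vendor/ layout and the manifest shape (relative path to SHA-256) are assumptions, and self_check() builds its own throwaway package tree as constructed sample data.

```python
"""Vendor-and-pin check for helper scripts. Added example for this report, not the
skill's code; the vendor/ layout and the manifest shape are assumptions."""
import hashlib
import hmac
import tempfile
from pathlib import Path


class HelperIntegrityError(RuntimeError):
    """Helper is outside the package, undeclared, missing, or has changed."""


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def resolve_vendored_helper(package_root: Path, rel: str, manifest: dict) -> Path:
    """Return the helper path only if it (1) stays inside package_root after
    resolving symlinks and '..', (2) is listed in the reviewed manifest, and
    (3) matches the pinned SHA-256. Anything else refuses rather than falling
    back to whatever a sibling directory happens to contain."""
    root = package_root.resolve()
    candidate = (root / rel).resolve()
    if root not in candidate.parents:
        raise HelperIntegrityError(f"{rel} resolves outside the package: {candidate}")
    expected = manifest.get(rel)
    if expected is None:
        raise HelperIntegrityError(f"{rel} is not declared in the manifest")
    if not candidate.is_file():
        raise HelperIntegrityError(f"{rel} is declared but not vendored")
    actual = sha256_of(candidate)
    if not hmac.compare_digest(actual, expected):
        raise HelperIntegrityError(f"{rel} digest mismatch: {actual} != {expected}")
    return candidate


def _refuses(fn) -> bool:
    try:
        fn()
    except HelperIntegrityError:
        return True
    return False


def self_check() -> dict:
    """Build a throwaway package tree (constructed sample data) and exercise the
    happy path plus the three refusals. Returns {check_name: passed}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "xiaohongshu_assistant"
        (root / "vendor").mkdir(parents=True)
        helper = root / "vendor" / "publish_pipeline.py"
        helper.write_text("print('vendored, reviewed helper')\n")
        manifest = {"vendor/publish_pipeline.py": sha256_of(helper)}
        results = {
            "pinned_ok": resolve_vendored_helper(root, "vendor/publish_pipeline.py", manifest)
            == helper.resolve(),
            "undeclared_refused": _refuses(
                lambda: resolve_vendored_helper(root, "vendor/extra.py", manifest)),
        }
        # A sibling directory like the one reached via parent.parent.parent.
        sibling = Path(tmp) / "XiaohongshuSkills" / "scripts"
        sibling.mkdir(parents=True)
        (sibling / "cdp_publish.py").write_text("print('unreviewed')\n")
        results["escape_refused"] = _refuses(lambda: resolve_vendored_helper(
            root, "../XiaohongshuSkills/scripts/cdp_publish.py", manifest))
        # Same declared path, modified after review.
        helper.write_text("print('modified after review')\n")
        results["tamper_refused"] = _refuses(
            lambda: resolve_vendored_helper(root, "vendor/publish_pipeline.py", manifest))
    return results
```

The containment check runs before the manifest lookup on purpose: a path that escapes the package is refused even if someone adds it to the manifest, so the sibling-directory pattern from the finding cannot be reintroduced by editing metadata alone.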
Users may believe the skill cannot affect their Xiaohongshu account when the package still contains code capable of account automation if invoked.
This safety claim conflicts with bundled xhs_publisher.py code that still exposes publishing, login, commenting, and interaction wrappers.
⚠️ **Automatic publishing has been removed** (legal and security risk) ... ✅ Copy generation only (zero risk)
Avoid absolute claims like “zero risk,” and align the README, metadata, and package contents by removing or fully disclosing disabled high-impact code.
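Checking that README claims match package contents can be done mechanically: walk the module's AST, flag every function that spawns a process, passes --headless, carries an account verb in its name, or walks Path(__file__) up past the package, and compare the result with the capabilities the metadata declares. The following is an added example in the spirit of the artifact-based review above; it is not ClawScan's scanner and not the skill's code. SAMPLE_WRAPPER is a constructed source that mimics the quoted pattern, and the verb list and flag are assumptions.

```python
"""Static check: which functions in a skill module can act on the account, and are
they declared? Added example for this report, not ClawScan's scanner and not the
skill's code. SAMPLE_WRAPPER is a constructed source mimicking the quoted pattern."""
import ast

ACCOUNT_VERBS = ("login", "publish", "comment", "like", "bookmark")   # assumption
SUBPROCESS_FUNCS = {"run", "Popen", "call", "check_call", "check_output"}

SAMPLE_WRAPPER = '''
import subprocess
from pathlib import Path

XHS_SKILLS_DIR = Path(__file__).parent.parent.parent / "XiaohongshuSkills"
LOGIN_SCRIPT = XHS_SKILLS_DIR / "scripts" / "cdp_publish.py"

def generate_copy(topic):
    return "Three tips about " + topic

def login(account="default"):
    return subprocess.run(["python", str(LOGIN_SCRIPT), "login", "--account", account])

def publish(title, content, preview=False):
    cmd = ["python", "publish_pipeline.py", "--title", title, "--content", content]
    cmd.append("--preview" if preview else "--headless")
    return subprocess.run(cmd)
'''


def _parent_hops(node):
    """Count '.parent' hops on a Path(__file__) chain; 0 if it is not one."""
    hops = 0
    while isinstance(node, ast.Attribute) and node.attr == "parent":
        hops += 1
        node = node.value
    is_file_path = (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                    and node.func.id == "Path" and node.args
                    and isinstance(node.args[0], ast.Name) and node.args[0].id == "__file__")
    return hops if is_file_path else 0


class _CapabilityVisitor(ast.NodeVisitor):
    def __init__(self):
        self.findings = {}     # function name (or "<module>") -> reasons
        self._current = None

    def _note(self, reason):
        self.findings.setdefault(self._current or "<module>", []).append(reason)

    def visit_FunctionDef(self, node):
        prev, self._current = self._current, node.name
        if any(v in node.name.lower() for v in ACCOUNT_VERBS):
            self._note(f"name suggests an account action: {node.name}")
        self.generic_visit(node)
        self._current = prev

    def visit_Call(self, node):
        f = node.func
        if (isinstance(f, ast.Attribute) and f.attr in SUBPROCESS_FUNCS
                and isinstance(f.value, ast.Name) and f.value.id == "subprocess"):
            self._note(f"spawns a process via subprocess.{f.attr}")
        self.generic_visit(node)

    def visit_Constant(self, node):
        if node.value == "--headless":
            self._note("passes --headless: real browser automation, not a preview")

    def visit_Attribute(self, node):
        hops = _parent_hops(node)
        if hops >= 2:
            self._note(f"Path(__file__) walks {hops} directories up: reaches outside the package")
            return   # the inner .parent chain is the same finding
        self.generic_visit(node)


def undeclared_capabilities(source, declared):
    """Map each function (or module scope) with account/process capabilities that
    is not in `declared` to the reasons it was flagged. An empty dict means the
    declaration and the code agree."""
    v = _CapabilityVisitor()
    v.visit(ast.parse(source))
    return {name: reasons for name, reasons in v.findings.items() if name not in declared}
```

Run against the sample with only generate_copy declared, the check reports login, publish and the module-level path walk; the README's "copy generation only" claim would have to declare all three, or the code would have to lose them, before the result is empty.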
