Skill v1.0.1

VirusTotal security

Xiaohongshu Competitor Monitoring Assistant · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 6:00 AM
Hash
c9f073fb205f698ae152956b06515ed45428527cc1cc63db6b3fdbf9e8ca1f9c
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: xhs-monitor
Version: 1.0.1

The skill bundle implements a Xiaohongshu (Red) scraper using Puppeteer with several high-risk configurations, including disabling the browser sandbox ('--no-sandbox') and managing persistent user sessions via 'userDataDir' (found in daemon.js and scraper.js). It utilizes shell scripts (run.sh) and a custom scheduler (scheduler.js) to execute node processes and manage browser instances via remote debugging ports (9223). While these capabilities are plausibly required for the stated purpose of automated competitor monitoring and session persistence, the use of insecure browser flags and broad file system access for session data constitutes a significant security risk without further isolation.