ClawHub

Rednote CLI

v0.1.14

Use when the user wants to operate Xiaohongshu (RedNote) from the terminal with the `@skills-store/rednote` CLI, including browser setup, login, environment...

4· 780·5 current·5 all-time
bynoah@darknoah
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (operate Xiaohongshu via a rednote CLI) matches the instructions: the SKILL.md contains command examples, workflows, and browser-related subcommands you would expect for a CLI that controls a browser. No unrelated credentials, packages, or system paths are requested.
Instruction Scope
Instructions stay within the CLI/browser domain (env, browser create/connect, login, publish, search, interact). However the guidance explicitly tells users to connect to browser profiles (including passing --user-data-dir) and to remove named instances, which can affect local browser profile data; this is expected for a browser-automation CLI but is a user-risk to be aware of (avoid pointing at your primary browser profile).
Install Mechanism
The skill is instruction-only and has no install spec (low risk), but it recommends installing the third-party npm package @skills-store/rednote (global install examples). The skill metadata lacks a homepage/source URL; the user should verify the npm package identity and inspect its code before installing/running it.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The instructions reference local browser profile paths and ports (e.g., --user-data-dir, port 9222), which are proportional to the stated purpose of controlling a browser for login and automation.
Persistence & Privilege
always is false and the skill is user-invocable; there is no installation or persistent agent modification in the provided instructions. Nothing indicates the skill would request elevated or permanent privileges.
Assessment
This skill is a documentation-only helper for the @skills-store/rednote CLI and appears coherent for that purpose. Before using it: (1) Verify the npm package (@skills-store/rednote) provenance and inspect its code or ratings on the registry before running npm install -g; the skill metadata has no homepage/source URL. (2) When connecting a browser instance, do not point --user-data-dir at your personal/default browser profile; create an isolated profile to avoid exposing cookies, sessions, or stored credentials. (3) Be cautious with commands that remove browser instances or profiles (they can delete local data). (4) Prefer running the CLI in a sandboxed environment or container if you’re unsure about the package origin. These precautions mitigate the primary practical risks associated with installing and running a third-party CLI that controls a browser.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7mgaewgjwyv2a42yj7f4rd83h5a0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments