Skill v0.1.14
ClawScan security
Rednote CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 24, 2026, 1:34 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with a CLI helper for operating Xiaohongshu via the @skills-store/rednote CLI; it is instruction-only and does not request unrelated credentials or install artifacts, but follow usual precautions when installing third‑party npm CLIs and when pointing the tool at real browser profiles.
- Guidance: This skill is a documentation-only helper for the @skills-store/rednote CLI and appears coherent for that purpose. Before using it: (1) Verify the npm package (@skills-store/rednote) provenance and inspect its code or ratings on the registry before running npm install -g; the skill metadata has no homepage/source URL. (2) When connecting a browser instance, do not point --user-data-dir at your personal/default browser profile; create an isolated profile to avoid exposing cookies, sessions, or stored credentials. (3) Be cautious with commands that remove browser instances or profiles (they can delete local data). (4) Prefer running the CLI in a sandboxed environment or container if you’re unsure about the package origin. These precautions mitigate the primary practical risks associated with installing and running a third-party CLI that controls a browser.
Review Dimensions
- Purpose & Capability (ok): The name/description (operate Xiaohongshu via a rednote CLI) matches the instructions: the SKILL.md contains command examples, workflows, and browser-related subcommands you would expect for a CLI that controls a browser. No unrelated credentials, packages, or system paths are requested.
- Instruction Scope (note): Instructions stay within the CLI/browser domain (env, browser create/connect, login, publish, search, interact). However the guidance explicitly tells users to connect to browser profiles (including passing --user-data-dir) and to remove named instances, which can affect local browser profile data; this is expected for a browser-automation CLI but is a user-risk to be aware of (avoid pointing at your primary browser profile).
- Install Mechanism (note): The skill is instruction-only and has no install spec (low risk), but it recommends installing the third-party npm package @skills-store/rednote (global install examples). The skill metadata lacks a homepage/source URL; the user should verify the npm package identity and inspect its code before installing/running it.
- Credentials (ok): The skill declares no required environment variables, no credentials, and no config paths. The instructions reference local browser profile paths and ports (e.g., --user-data-dir, port 9222), which are proportional to the stated purpose of controlling a browser for login and automation.
- Persistence & Privilege (ok): always is false and the skill is user-invocable; there is no installation or persistent agent modification in the provided instructions. Nothing indicates the skill would request elevated or permanent privileges.
