小红书skill
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Xiaohongshu automation, but its code can also use a logged-in account to publish, comment, like, and store reusable session cookies, which is more sensitive than the documented read/extract workflow.
Before installing, treat this as a logged-in Xiaohongshu account automation tool, not just a reader. Review the full CLI, only run mutating actions after explicit confirmation, consider using a separate/test account, and delete ~/.xiaohongshu/cookies.json when you want to revoke the saved session.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with your logged-in session, the skill could upload and publish content to your Xiaohongshu account.
This shows the skill can operate the creator publishing page and submit a post. Public posting is a high-impact account mutation, but the reviewed SKILL.md does not clearly document publish controls or approval boundaries.
PUBLISH_URL = "https://creator.xiaohongshu.com/publish/publish?source=official" ... def _click_publish_button(self) -> bool: ... btn.first.click() ... print("已点击发布按钮", file=sys.stderr)
Clearly document publishing as a capability, require explicit per-post user confirmation with a preview, and prevent autonomous execution of mutating publish commands.
An agent using this skill could post comments or replies under your account if such functions are invoked.
The code can submit public comments through the logged-in account. This is account-mutating behavior that is not clearly covered in the SKILL.md quick-start workflow.
def post_comment(...): ... """Post a comment""" ... submit_btn = page.locator('div.bottom button.submit') ... submit_btn.first.click()
Expose comments/replies only as explicit user-requested actions, add confirmation before submission, and document rate limits and reversibility.
Your logged-in session can persist across runs, and anyone or any process that can use that cookie file may be able to act as your account through this tool.
The skill saves and reloads session cookies from a persistent user-home path, giving future runs continuing access to the Xiaohongshu account even though the registry declares no primary credential.
DEFAULT_COOKIE_PATH = os.path.expanduser("~/.xiaohongshu/cookies.json") ... self.context.add_cookies(cookies) ... json.dump(cookies, f, ensure_ascii=False, indent=2)
Declare the cookie credential path, protect it with restrictive permissions, provide a clear logout/delete-cookie command, and use a separate account if possible.
The automation may trigger or violate platform anti-bot rules even if it is intended for user-directed browsing/extraction.
The skill openly describes anti-bot-style browser behavior. The artifacts show CAPTCHA detection and manual handling rather than CAPTCHA solving, so this is a notice rather than evidence of malicious bypass.
Anti-scraping protection ... **Human-like behavior**: random delays, scroll patterns, User-Agent spoofing
Use conservatively, respect the service terms, and avoid bulk or unattended scraping.
The exact code installed as dependencies may change over time.
Dependencies are installed from floating lower-bound versions, which is common but means future installs may fetch different package versions.
playwright>=1.40.0
markdown>=3.5
pytest>=7.0
pytest-mock>=3.0
Pin dependency versions and use a lockfile or reviewed environment for repeatable installs.
