v1.0.1

Xiaohongshu Crawler

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:23 AM.

Analysis

The crawler matches its stated purpose, but it should be reviewed carefully because it captures and stores Xiaohongshu login cookies and uses anti-bot scraping techniques.

Guidance: Review before installing. If you proceed, run it manually, use a low-risk Xiaohongshu account, protect or delete config.json after use, clear generated cache/output files, and make sure your crawling volume and purpose comply with Xiaohongshu’s rules and applicable law.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
lib/anti-crawl.js
Simulate human browsing behavior ... User-agent rotation - simulate different browsers ... Proxy rotation - avoid IP bans

The crawler intentionally includes human-behavior simulation, user-agent rotation, and proxy rotation to reduce anti-crawling detection.

User impact: Even though this is aligned with a crawler, using anti-bot evasion can violate platform rules, trigger account/IP restrictions, or create compliance risk.
Recommendation: Keep usage small and manual, respect Xiaohongshu’s terms and robots/access rules, and avoid proxy rotation or high-volume crawling unless you have authorization.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
package.json
"dependencies": { "playwright": "^1.40.0", "axios": "^1.6.0", "cheerio": "^1.0.0-rc.12" }

If dependencies are installed, caret version ranges allow newer package versions and no lockfile is included in the manifest.

User impact: A future install may resolve different dependency code than the version the publisher tested.
Recommendation: Install from a trusted source, review generated lockfiles, and pin dependency versions for reproducible installs.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/get-cookie.js
const cookies = await context.cookies(); ... c.name.includes('web_session') || c.name.includes('id_token') || c.name.includes('login_token') ... fs.writeFileSync(configPath, JSON.stringify(config, null, 2), 'utf8');

The script collects logged-in Xiaohongshu session/auth cookies and writes them to config.json for later use, giving the tool reusable account-session access.

User impact: Running the cookie setup can let the crawler act with your logged-in Xiaohongshu session and leaves sensitive account cookies on disk.
Recommendation: Use only an account you are comfortable delegating, protect or delete config.json after use, avoid sharing the skill directory, and require the publisher to declare this credential handling clearly.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
lib/browser.js
const cacheDir = path.join(__dirname, '.cache'); ... fs.writeFileSync(cacheFile, JSON.stringify({ timestamp: Date.now(), data: data }));

The skill stores scraped results in a local cache and may reuse them until the configured cache duration expires.

User impact: Scraped notes, user profiles, or logged-in-accessible content may remain in local files after the task finishes.
Recommendation: Do not crawl sensitive/private content, periodically clear the .cache directory and generated JSON/screenshots, and avoid sharing the skill folder.