ClawHub
Back to skill
v1.0.0

小红书舆情爬虫

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:23 AM.

Analysis

This is a disclosed Xiaohongshu crawling skill, but users should notice that the main instructions involve logging into a local Xiaohongshu account and running unpinned external crawler code.

GuidanceBefore installing or using this skill, review the external GitHub crawler code it asks you to run, use a virtual environment, avoid using a valuable personal account for scraping, keep request rates conservative, and manage or delete saved crawl outputs when finished.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
git clone https://github.com/xiaofuqing13/redbooks.git ... pip install -r requirements.txt ... python crawler_ultimate.py

The documented setup asks the user to fetch and run external project code that is not included in the supplied manifest and is not pinned to a specific commit.

User impactIf the external repository or its dependencies change, the code the user runs may differ from what was reviewed here.
RecommendationInspect the external repository before running it, pin to a known commit, and use a virtual environment.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
首次运行会弹出浏览器窗口,用小红书账号登录 ... 频繁爬取可能导致账号被封禁

The skill explicitly requires using a local Xiaohongshu account and discloses that scraping can affect that account.

User impactThe crawler may operate through the user's logged-in account, and excessive use could trigger platform restrictions or account penalties.
RecommendationUse only an account you are comfortable using for scraping, keep crawl rates low, and confirm actions remain within platform rules.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
爬取结果会保存为: Excel 文件: `data/关键词_时间.xlsx` ... SQLite 数据库: `data/xiaohongshu.db` ... 图片/视频: `images/关键词_时间/`

The skill stores retrieved social-media content locally in files and a database.

User impactCollected posts, comments, author names, and media may remain on the local machine after the crawl.
RecommendationStore outputs in a controlled folder, delete datasets when no longer needed, and avoid sharing collected data unintentionally.