Xhs Auto Publisher

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent for automating Xiaohongshu (小红书) publishing, but it uses stealth browser automation, persistent login sessions, and recurring account workflows that could put your account and local data at risk.

Only use this if you are comfortable with automated social-media account operation and possible platform/account risk. Use a dedicated workspace and account, keep .auth out of git/cloud sync, remove clipboard-read and anti-detection settings where possible, review every generated post before clicking publish, and verify how to disable the recurring automation.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using this could violate platform rules, increase account-ban risk, and make automated activity harder for the service to detect or contain.

Why it was flagged

The workflow explicitly instructs the browser automation to hide automation signals and bypass platform risk controls while operating a social-media publishing account.

Skill content

Real UA + `ignoreDefaultArgs: ['--enable-automation']` to bypass risk controls

Recommendation

Remove stealth and risk-control-bypass steps; prefer official APIs or transparent browser automation with explicit user approval before each account action.

What this means

The Xiaohongshu page may be able to access clipboard contents without the normal browser prompt, which could expose copied passwords, tokens, or private text.

Why it was flagged

The script pre-grants clipboard read/write access to a third-party website origin; preparing a post does not clearly require clipboard-read permission.

Skill content

await ctx.overridePermissions('https://creator.xiaohongshu.com', ['notifications', 'clipboard-read', 'clipboard-write']);

Recommendation

Do not grant clipboard-read by default; request only the minimum permissions needed and explain any permission before enabling it.

What this means

Anyone who gets the .auth directory may be able to reuse the account session; accidental cloud sync or git commits would be risky.

Why it was flagged

The script stores Xiaohongshu cookies and a persistent Chrome profile under the user's workspace so future runs can stay logged in.

Skill content

const STATE_FILE = path.join(CONFIG.WORKSPACE, '.auth/xhs_cookies.json');
const USER_DATA_DIR = path.join(CONFIG.WORKSPACE, '.auth/chrome_profile');

Recommendation

Keep .auth out of git and cloud sync, use a dedicated account/profile, and delete the cookies/profile when you no longer need the skill.

What this means

The workflow may keep preparing posts and opening the account publisher on future days until the recurring automation is disabled.

Why it was flagged

The skill intentionally creates a recurring automation that regenerates content and drives the browser on a schedule.

Skill content

Call `automation_update` to create a recurring automation ... have tomorrow's automation run Steps 3-6, finally leaving the browser on the publish page

Recommendation

Confirm the schedule, review each generated post before publishing, and know how to pause or delete the recurring automation.

What this means

Users may underestimate account, compliance, or platform-policy risks because the skill suggests the automation can avoid detection.

Why it was flagged

The skill frames ban-risk reduction as a benefit of making the automation look human, which may encourage unsafe confidence in platform-evasion behavior.

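Skill content

Keeping the manual click to publish + a persistent profile + a real UA + a slight random ±5 minute offset on the publish time makes it, taken together, hard to distinguish from a real person's operation.

Recommendation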

Avoid claims that automation is safe because it is hard to distinguish from a human; clearly state platform and account risks.

What this means

Setup may rely on whatever Node.js/Puppeteer environment is already present, and users have less provenance context for the included automation code.

Why it was flagged

The skill includes runnable scripts but has limited provenance and no formal dependency/install declaration.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

Recommendation

Publish a clear source repository, declare Node/Puppeteer requirements, and pin or document dependencies.