xiaohongshu-full-auto
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill matches its stated social-media automation purpose, but it asks for Xiaohongshu account credentials and can automatically publish public posts using incomplete/unreviewed publishing code and an undisclosed third-party hot-topic feed.
Review carefully before installing or running. Do not use full-auto mode on a real account until the missing publish/content/cover modules are present and audited. Prefer semi-auto or assist-only mode, use a test account or scoped token instead of a raw cookie, verify the hot-topic source, and inspect the local publication log location and retention behavior.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could publish AI-generated Xiaohongshu posts publicly on the user's account without reviewing each post first, risking spam, reputational harm, or policy violations.
The skill explicitly supports a mode that proceeds from trend discovery to public publishing without user intervention, which is high-impact account mutation.
| **Full-auto** | Handles everything from the hot list through publishing, no intervention required |
Default to semi-auto approval before every publish action, show the exact title/body/tags/cover, and require an explicit final confirmation for each public post.
A Xiaohongshu cookie can grant account-level access; if mishandled, it may allow posting or other account actions beyond what the user expects.
The documentation asks for account/session credentials, while the registry metadata declares no required env vars and no primary credential. The included artifacts also omit the publisher implementation that would show how the cookie is handled.
XIAOHONGSHU_COOKIE=your_cookie_here
XIAOHONGSHU_BUSINESS_ID=your_business_id
Declare the credential requirement in metadata, prefer scoped OAuth/API tokens over raw cookies, document exactly what account actions are performed, and avoid sharing the cookie with any unreviewed code.
The reviewed package cannot fully demonstrate what code generates content, creates covers, or publishes to the account; users may need to add or fetch unreviewed code to make the advertised workflow work.
These helper modules are imported by the main workflow but are not included in the supplied file manifest, including the high-impact publishing implementation.
from generate_content import generate_xiaohongshu_content
from generate_cover import generate_cover_image
from publish import publish_to_xiaohongshu
Include all referenced modules in the package, pin dependencies, and make the publishing path fully reviewable before users provide credentials.
An unknown third-party feed could influence what the agent writes and publishes, and users may incorrectly believe topics are coming directly from an official Xiaohongshu source.
The code retrieves trends from an undeclared third-party domain, while SKILL.md describes official Xiaohongshu hot-list/API behavior. This mismatch can mislead users about data provenance.
response = requests.get("https://api.fakey.top/xiaohongshu/hot", headers=headers, timeout=10)
Clearly disclose the third-party endpoint or replace it with an official/verified API. Treat fetched topics as untrusted input and require review before publishing.
The log may reveal publishing history or content strategy to anyone with local file access, though this logging is aligned with the stated workflow.
The skill stores a persistent local publication history containing topics, titles, tags, cover paths, URLs, timestamps, and statuses.
LOG_FILE = os.path.join(os.path.dirname(__file__), '../../published.jsonl')
Document the log location, provide a retention/cleanup option, and avoid storing credentials or private drafts in the log.
