xiaohongshu-full-auto

Advisory: Audited by VirusTotal on Apr 1, 2026.

Overview

Type: OpenClaw Skill
Name: xiaohongshu-full-auto
Version: 1.0.0

The skill bundle provides a legitimate automation workflow for Xiaohongshu content creation, including trend scraping, AI content generation, and automated publishing. The code is well-structured, uses safe practices like `yaml.safe_load`, and contains no evidence of malicious intent, data exfiltration, or unauthorized execution. While it requires sensitive credentials (XIAOHONGSHU_COOKIE) and utilizes a third-party API (api.fakey.top) for scraping, these are standard requirements for the stated functionality and are handled within the user's local environment. No prompt injection or obfuscation was found in the documentation or scripts (full_auto.py, get_hot_topics.py).

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could publish AI-generated Xiaohongshu posts publicly on the user's account without reviewing each post first, risking spam, reputational harm, or policy violations.

Why it was flagged

The skill explicitly supports a mode that proceeds from trend discovery to public publishing without user intervention, which is high-impact account mutation.

Skill content

| **Full auto** | Handles everything from the hot list to publishing; no intervention needed |

Recommendation

Default to semi-auto approval before every publish action, show the exact title/body/tags/cover, and require an explicit final confirmation for each public post.

What this means

A Xiaohongshu cookie can grant account-level access; if mishandled, it may allow posting or other account actions beyond what the user expects.

Why it was flagged

The documentation asks for account/session credentials, while the registry metadata declares no required env vars and no primary credential. The included artifacts also omit the publisher implementation that would show how the cookie is handled.

Skill content

XIAOHONGSHU_COOKIE=your_cookie_here
XIAOHONGSHU_BUSINESS_ID=your_business_id

Recommendation

Declare the credential requirement in metadata, prefer scoped OAuth/API tokens over raw cookies, document exactly what account actions are performed, and avoid sharing the cookie with any unreviewed code.

What this means

The reviewed package cannot fully demonstrate what code generates content, creates covers, or publishes to the account; users may need to add or fetch unreviewed code to make the advertised workflow work.

Why it was flagged

These helper modules, including the high-impact publishing implementation, are imported by the main workflow but are not included in the supplied file manifest.

Skill content

from generate_content import generate_xiaohongshu_content
from generate_cover import generate_cover_image
from publish import publish_to_xiaohongshu

Recommendation

Include all referenced modules in the package, pin dependencies, and make the publishing path fully reviewable before users provide credentials.

What this means

An unknown third-party feed could influence what the agent writes and publishes, and users may incorrectly believe topics are coming directly from an official Xiaohongshu source.

Why it was flagged

The code retrieves trends from an undeclared third-party domain, while SKILL.md describes official Xiaohongshu hot-list/API behavior. This mismatch can mislead users about data provenance.

Skill content

response = requests.get("https://api.fakey.top/xiaohongshu/hot", headers=headers, timeout=10)

Recommendation

Clearly disclose the third-party endpoint or replace it with an official/verified API. Treat fetched topics as untrusted input and require review before publishing.

What this means

The log may reveal publishing history or content strategy to anyone with local file access, though this logging is aligned with the stated workflow.

Why it was flagged

The skill stores a persistent local publication history containing topics, titles, tags, cover paths, URLs, timestamps, and statuses.

Skill content

LOG_FILE = os.path.join(os.path.dirname(__file__), '../../published.jsonl')

Recommendation

Document the log location, provide a retention/cleanup option, and avoid storing credentials or private drafts in the log.