Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
小红书 - RedNote
v1.2.5
Xiaohongshu (小红书) all-in-one assistant: copy generation, cover creation, content publishing and management. Use it whenever the user asks to write a Xiaohongshu note, generate Xiaohongshu copy/titles/covers, post to Xiaohongshu, search Xiaohongshu, comment/like/favourite, or perform any other Xiaohongshu-related action. Supports a one-stop workflow from copywriting to automatic publishing. AI cover-image generation requires configuring an optional environment variable (GEMINI_API_KEY or IMG_API_KEY or HUNY...
⭐ 59 · 10.4k · 78 current · 83 all-time
by hiyu (@hi-yu)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (content generation, cover creation, publish/search/interact) match the included scripts and instructions. The required binaries (ImageMagick's convert and curl) are reasonable for that purpose. However, the registry metadata lists no required environment variables, while the scripts and SKILL.md clearly require many API keys (GEMINI_API_KEY, IMG_API_KEY/IMG_API_BASE, HUNYUAN_SECRET_ID/HUNYUAN_SECRET_KEY, XHS_AI_API_KEY/XHS_AI_API_URL/XHS_AI_MODEL, XHS_MCP_URL, etc.). That is a mismatch between the declared requirements and what the skill actually needs.
Instruction Scope
The runtime instructions and scripts do more than simple text generation: they read the user's agent config (~/.openclaw/openclaw.json), invoke and initialise a local MCP service over HTTP, create and inspect files under /tmp (e.g. /tmp/xhs_headers), attempt to start system services (systemctl start xvfb, xhs-mcp), and launch binaries from the user's home directory. These actions are plausible for a publish/automation skill, but they widen its scope (service control, local binary execution, reading user config) and call for caution.
Install Mechanism
There is no formal install spec (the skill is instruction-only), which is lower-risk with respect to arbitrary downloads. However, the included scripts rely on external Python libraries (e.g. the tencentcloud SDK) and system components (fonts-noto-cjk, ImageMagick) that are neither declared nor installed automatically. When those are absent the scripts may fail or fall back to remedial actions such as starting services; the lack of dependency handling is a practical risk.
Credentials
The skill uses, and may prompt for, many sensitive credentials and environment variables (Gemini/OpenAI image keys, Tencent Hunyuan secret id/key, XHS AI API keys, possibly the MCP URL). None of these appears in the registry's 'required env vars' list. Requiring several unrelated secrets (image APIs, an AI API and a local service URL) without declaring them is disproportionate and raises the chance of accidental credential exposure.
Persistence & Privilege
The metadata sets always:false and does not disable model invocation (both normal). The scripts attempt to start systemd services and spawn the xiaohongshu-mcp binary from ~/xiaohongshu-mcp, which involves filesystem and service-control actions, yet the skill requests no persistent system-wide privileges in its metadata. This is not an explicit escalation flag, but running service-control commands and launching local binaries raises the impact if the credentials or components involved turn out to be malicious.
What to consider before installing
Before installing or using this skill:
1) Expect to provide multiple API keys/secrets (Gemini or IMG API, Tencent Hunyuan, optional XHS_AI_*), but note that the skill's registry entry does not declare them; supply only low-privilege or test keys, or avoid sharing high-value credentials at all.
2) The skill runs local scripts that will try to start services (xvfb, xhs-mcp) and launch a local MCP binary from ~/xiaohongshu-mcp; verify the origin and integrity of that binary and run it in an isolated environment if possible.
3) The scripts read ~/.openclaw/openclaw.json and write temporary files under /tmp; if privacy is a concern, inspect the scripts line by line or run them in a container.
4) The skill expects additional runtime dependencies (ImageMagick, Chinese fonts, the Python tencentcloud SDK) that are not installed automatically; install them from trusted package sources.
5) If you decide to proceed, review and understand where your credentials will be used, and do not paste production or high-privilege secrets until you have confirmed that the MCP binary and scripts come from a trustworthy source.
Like a lobster shell, security has layers: review code before you run it.
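The two findings the scan leans on, environment variables the scripts read but the metadata never declares, and commands that reach outside the skill (service control, home-directory binaries, /tmp files, reads of ~/.openclaw/openclaw.json), can be checked on an unpacked skill before it is installed. The script below is an added example written for this page; it is not ClawHub's scanner and not code from the skill. The file layout (metadata.json with a requiredEnv list, SKILL.md, scripts/*.sh and scripts/*.py) and the miniature skill tree it builds in a temp directory are constructed for the demo and only mimic the behaviours the report describes.

```python
"""Pre-install triage of an unpacked skill directory (added example, not the skill's code)."""
from __future__ import annotations

import json
import re
import tempfile
from pathlib import Path

SCAN_SUFFIXES = {".sh", ".py", ".md"}
SHELL_BUILTINS = {"HOME", "PATH", "PWD", "USER", "SHELL", "TMPDIR"}

# $VAR / ${VAR...} in shell and markdown; os.environ[...] / os.environ.get(...) /
# os.getenv(...) in Python. Only upper-case names of three or more characters count.
ENV_REF = re.compile(
    r"\$\{?([A-Z][A-Z0-9_]{2,})\b"
    r"|os\.environ(?:\.get\(|\[)\s*['\"]([A-Z][A-Z0-9_]{2,})['\"]"
    r"|os\.getenv\(\s*['\"]([A-Z][A-Z0-9_]{2,})['\"]"
)
# A shell assignment in the same file makes the name local rather than an input.
ENV_ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Z][A-Z0-9_]{2,})=", re.MULTILINE)

# Out-of-scope behaviours named in the scan report, keyed by a short label.
SCOPE_PATTERNS = {
    "service-control": re.compile(r"\bsystemctl\s+(?:start|enable|restart)\b"),
    "home-binary": re.compile(r"(?:^|[;&|(]\s*|\b(?:exec|nohup|sudo)\s+)(?:~|\$HOME)/\S+"),
    "tmp-path": re.compile(r"/tmp/[\w.-]+"),
    "agent-config-read": re.compile(r"\.openclaw/openclaw\.json"),
}


def _text_files(skill_dir: Path):
    """Yield (relative path, text) for every script or markdown file in the skill."""
    for path in sorted(skill_dir.rglob("*")):
        if path.is_file() and path.suffix in SCAN_SUFFIXES:
            yield path.relative_to(skill_dir).as_posix(), path.read_text(encoding="utf-8")


def referenced_env(skill_dir: Path) -> dict[str, set[str]]:
    """Map each environment variable the skill reads to the files that read it."""
    refs: dict[str, set[str]] = {}
    for rel, text in _text_files(skill_dir):
        local = set(ENV_ASSIGN.findall(text))
        for match in ENV_REF.finditer(text):
            name = next(g for g in match.groups() if g)
            if name in local or name in SHELL_BUILTINS:
                continue
            refs.setdefault(name, set()).add(rel)
    return refs


def declared_env(skill_dir: Path) -> set[str]:
    """Env vars the registry metadata admits to needing (assumed key: requiredEnv)."""
    meta = json.loads((skill_dir / "metadata.json").read_text(encoding="utf-8"))
    return set(meta.get("requiredEnv", []))


def undeclared_env(skill_dir: Path) -> set[str]:
    """Variables the scripts read that the metadata does not declare."""
    return set(referenced_env(skill_dir)) - declared_env(skill_dir)


def scope_findings(skill_dir: Path) -> list[tuple[str, str, int, str]]:
    """(label, file, line number, line) for every line matching a scope pattern."""
    findings = []
    for rel, text in _text_files(skill_dir):
        for lineno, line in enumerate(text.splitlines(), 1):
            for label, pattern in SCOPE_PATTERNS.items():
                if pattern.search(line):
                    findings.append((label, rel, lineno, line.strip()))
    return findings


def build_sample_skill() -> Path:
    """Write a constructed skill tree (not the real skill) into a temp directory."""
    root = Path(tempfile.mkdtemp(prefix="skill-triage-"))
    (root / "scripts").mkdir()
    (root / "metadata.json").write_text(json.dumps(
        {"name": "xiaohongshu-rednote", "requiredEnv": ["XHS_MCP_URL"]}))
    (root / "SKILL.md").write_text(
        "# xiaohongshu-rednote\n"
        "Set `$GEMINI_API_KEY` or `$IMG_API_KEY` before asking for a cover.\n")
    (root / "scripts" / "cover.py").write_text(
        "import os\n"
        'key = os.environ.get("GEMINI_API_KEY") or os.getenv("IMG_API_KEY")\n'
        'base = os.environ["IMG_API_BASE"]\n')
    (root / "scripts" / "publish.sh").write_text(
        "#!/usr/bin/env bash\n"
        "set -euo pipefail\n"
        'MCP_URL="${XHS_MCP_URL:-http://127.0.0.1:18060}"\n'
        "TOKEN=$(jq -r .token ~/.openclaw/openclaw.json)\n"
        "printf 'Authorization: Bearer %s\\n' \"$TOKEN\" > /tmp/xhs_headers\n"
        "systemctl start xvfb || true\n"
        "nohup ~/xiaohongshu-mcp/xiaohongshu-mcp > /tmp/xhs-mcp.log 2>&1 &\n"
        'curl -s -H @/tmp/xhs_headers "$MCP_URL/health"\n')
    return root


if __name__ == "__main__":
    skill = build_sample_skill()
    print("Undeclared env vars:", ", ".join(sorted(undeclared_env(skill))))
    for label, rel, lineno, line in scope_findings(skill):
        print(f"[{label}] {rel}:{lineno}: {line}")
```

Point the functions at the unzipped skill directory instead of build_sample_skill() to triage a real download; on the constructed tree the undeclared set is GEMINI_API_KEY, IMG_API_KEY and IMG_API_BASE, and every out-of-scope line comes from publish.sh. Locally assigned shell variables (MCP_URL, TOKEN) are deliberately excluded so the list reflects inputs the user must supply, and a line can carry more than one label.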
latest: vk97bv3h623j1ymsn026zfbwgr1821svr
Runtime requirements
📕 Clawdis
Bins: convert
Any bin: curl
