Skill v1.0.0

ClawScan security

WeChat to Xiaohongshu · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 7:32 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (automating cross-posting via browser automation) but relies on a browser relay extension that can access your open tabs and there are a few small documentation inconsistencies worth noting.
Guidance
This skill appears to do what it says: automating copy/import of WeChat articles into Xiaohongshu by controlling your browser tabs. Before installing or using it:
1) only enable the required OpenClaw Browser Relay extension in a browser profile you trust (prefer a dedicated profile for these accounts);
2) be aware that the skill uses snapshots of open tabs and can access page contents in the active profile—close unrelated sensitive tabs first;
3) confirm whether the 'exec' tool mention in REQUIREMENTS.md is accidental (the runtime steps don't call exec);
4) test with non-sensitive or demo accounts first to ensure behavior is acceptable;
5) revoke/disable the extension or sign out of accounts if you stop using the skill.
If you want stronger assurances, ask the skill author to add explicit domain restrictions (only operate on mp.weixin.qq.com and creator.xiaohongshu.com) and to remove or explain the 'exec' mention.

Review Dimensions

Purpose & Capability
note: The skill's name and description match the instructions: it automates copying WeChat Official Account articles into Xiaohongshu using a browser relay. Required capabilities (browser tabs, logged-in sessions, OpenClaw Browser Relay) are appropriate. Minor inconsistency: REQUIREMENTS.md mentions the 'exec' tool as part of the toolset, but the SKILL.md runtime instructions only use the 'browser' actions (no exec calls). That discrepancy should be clarified but does not by itself contradict the purpose.
Instruction Scope
concern: Runtime instructions tell the agent to enumerate and snapshot browser tabs and to read content from them (browser(action="tabs"), browser(action="snapshot")). This is necessary to find the WeChat article and interact with Xiaohongshu, but it also means the skill — when invoked — can inspect any open tabs in the browser profile, not just the two target sites. The instructions do not include explicit domain-restriction checks, so there is a risk of unintended exposure of other open-page contents if used in a profile with unrelated sensitive tabs.
Install Mechanism
ok: This is an instruction-only skill with no install spec or downloaded code. That reduces disk/remote-execution risk. It does require the user to install and enable the OpenClaw Browser Relay extension, which is the expected mechanism for browser automation.
Credentials
note: The skill requests no environment variables or external credentials and relies on browser session cookies being logged in to the two target services. That is proportionate to cross-posting functionality. Note: browser sessions are effectively the credential here — the skill requires the user to be logged in and to keep tabs open, so session security (who has access to the browser profile) matters.
Persistence & Privilege
ok: always is false and the skill does not request elevated platform privileges. Autonomous invocation is allowed (default) — normal for skills. There is no sign it attempts to modify other skills or system-wide settings.