Skill v1.0.2
ClawScan security
xhs-daily-ranking(小红书每日风向标) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 12:29 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions largely match the claimed functionality, but they include several incoherent and potentially risky choices. The two most notable: both scripts call an unfamiliar third-party host with TLS certificate checks disabled, and the documentation promises subscription and push behavior that the included code does not implement.
- Guidance: key things to consider before installing or running this skill.
  - Domain and TLS: both scripts connect to onetotenvip.com, an unknown third party. Ask the author why this intermediary is used instead of official Xiaohongshu endpoints. Do not run the scripts on sensitive machines until you trust that host.
  - Disabled certificate checks and no SNI: the code sets verify_mode=ssl.CERT_NONE and deliberately omits the server hostname when wrapping the socket, so no SNI is sent and no certificate is validated. Any on-path party can then impersonate the host and read or alter the requests and responses. This is unusual; ask the author to remove verify_mode=ssl.CERT_NONE, pass the hostname when wrapping the socket, and document a secure endpoint.
  - Data exfiltration and privacy: the scripts send user keywords, inferred categories and dates as GET query parameters to the third party. If those queries are sensitive, treat them as exfiltrated until you have confirmed the server's operator and privacy policy.
  - Subscription mismatch: the documentation promises a daily 19:30 push, but no code implements scheduling, persistence or push delivery. Ask how subscriptions are stored and delivered, and what will actually perform the scheduled push. If the skill needs platform-level scheduling, require an explicit implementation and transparency about it.
  - Run in a sandbox first: if you want to test, execute the scripts in an isolated environment (air-gapped, or with network monitoring) and inspect the outbound requests (hostname, payloads). Check WHOIS and ownership information for onetotenvip.com and review the server's responses by hand.
  - Ask for provenance: request a homepage, source repository or contact for the owner. Prefer skills that use documented platform APIs or that include clear, verifiable server ownership.
  - If you cannot get satisfactory answers about the third-party host, the disabled TLS verification and the subscription implementation, do not use or run this skill with real data.
Review Dimensions
- Purpose & Capability
  - concern: SKILL.md states that the data comes from '小红书公开内容接口' (Xiaohongshu's public content API), but both scripts send GET requests to onetotenvip.com rather than to any official Xiaohongshu domain or documented public API. This third-party host is not explained anywhere in the metadata or documentation. That is inconsistent with the stated source and raises the question of whether the skill fetches data from an intermediary or aggregator instead of the platform it claims to use.
- Instruction Scope
  - concern: SKILL.md prescribes strict runtime behavior: execute the two Python scripts, generate HTML, then immediately output a subscription prompt and support scheduled daily pushes. The scripts do fetch data and generate HTML, but nothing implements subscriptions or scheduled push delivery. The instructions require a 'daily 19:30 push' and state that the skill 'must not wait for user reply', yet no persistence, scheduler, webhook or push backend is provided. Demanding push behavior without an implementation is an incoherence and could mislead users.
- Install Mechanism
  - note: There is no install spec (the skill is instruction-only), which minimizes installation risk, but code files are included. The requirements.txt referenced in SKILL.md lists requests, yet the scripts use raw socket and ssl and never import requests. The scripts perform network I/O to an external host with TLS verification disabled (see the Guidance above), so although no installer writes anything, executing the bundled code opens outbound connections to an unexplained domain.
- Credentials
  - concern: The skill requests no environment variables or credentials, which is proportionate, but it sends user query parameters (keyword, category, dates) to onetotenvip.com. Routing users' search queries to an unvetted third party is a privacy concern: the metadata gives no justification for it and no transparency about who controls the host.
- Persistence & Privilege
  - concern: SKILL.md requires subscription behavior (daily scheduled pushes) and mandates showing subscription options immediately after each run, but the package contains no code to persist subscriptions, register callbacks or schedule jobs. It therefore sets an expectation of persistent background behavior that the included artifacts do not support. (The skill is marked always:false, so it is not forced on; the subscription promise is simply unresolved.)
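A pre-install check that covers the findings above mechanically: TLS verification disabled, hostname checking off, `wrap_socket` without SNI, an outbound host that is not under the claimed data source, and a declared dependency that no script imports. This is an added example, neither ClawHub's scanner nor the skill's code. The script it audits is constructed to resemble the behavior this review describes and is not copied from the skill; the list of "official" domains is an assumption about what the stated source would look like, and the Xiaohongshu domains in it are placeholders for whatever the author documents.

```python
"""Static audit of a skill's bundled Python for the issues in this review.

Added example (not ClawHub's scanner, not the skill's code). It parses each
script with `ast` rather than grepping, so string-building tricks around
the host name or the ssl attributes do not hide from it as easily.
"""
import ast
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the behaviour described above; not the real script.
SAMPLE_SCRIPT = '''
import socket, ssl, json
from urllib.parse import urlencode

HOST = "onetotenvip.com"

def fetch(keyword, category, date):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((HOST, 443))
    s = ctx.wrap_socket(raw)  # no server_hostname, so no SNI
    q = urlencode({"kw": keyword, "cat": category, "date": date})
    s.sendall(f"GET /rank?{q} HTTP/1.1\\r\\nHost: {HOST}\\r\\n\\r\\n".encode())
    return s.recv(65536)
'''
SAMPLE_REQUIREMENTS = "requests\n"  # constructed: mirrors the requirements mismatch noted above
CLAIMED_SOURCE_DOMAINS = {"xiaohongshu.com", "xhscdn.com"}  # assumption: placeholder "official" domains

HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:].*)?$", re.I)


@dataclass
class Finding:
    severity: str
    message: str


@dataclass
class Audit:
    findings: list = field(default_factory=list)
    hosts: set = field(default_factory=set)
    imports: set = field(default_factory=set)


def _dotted(node):
    """Render `a.b.c` attribute chains as a string; '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def audit_script(source, requirements="", claimed_domains=frozenset()):
    a = Audit()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            a.imports.update(n.name.split(".")[0] for n in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            a.imports.add(node.module.split(".")[0])
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            m = HOST_RE.match(node.value.strip())
            if m:
                a.hosts.add(m.group(1).lower())
        elif isinstance(node, ast.Assign) and len(node.targets) == 1:
            tgt, val = node.targets[0], node.value
            if isinstance(tgt, ast.Attribute):
                if tgt.attr == "verify_mode" and _dotted(val) == "ssl.CERT_NONE":
                    a.findings.append(Finding("high", "TLS certificate verification disabled (verify_mode = ssl.CERT_NONE)"))
                if tgt.attr == "check_hostname" and isinstance(val, ast.Constant) and val.value is False:
                    a.findings.append(Finding("high", "hostname checking disabled (check_hostname = False)"))
        elif isinstance(node, ast.Call) and _dotted(node.func).endswith("wrap_socket"):
            if not any(k.arg == "server_hostname" for k in node.keywords):
                a.findings.append(Finding("medium", "wrap_socket() without server_hostname: no SNI and no name to verify"))
    # Any host outside the claimed source is worth a question to the author.
    for h in sorted(a.hosts):
        if not any(h == d or h.endswith("." + d) for d in claimed_domains):
            a.findings.append(Finding("medium", f"outbound host {h} is not under the claimed data source"))
    # Declared-but-unused dependencies suggest the docs and code have drifted apart.
    declared = {ln.strip().split("==")[0].lower() for ln in requirements.splitlines() if ln.strip()}
    for dep in sorted(declared - a.imports):
        a.findings.append(Finding("low", f"requirements declare {dep} but no script imports it"))
    return a


def run_sample():
    return audit_script(SAMPLE_SCRIPT, SAMPLE_REQUIREMENTS, CLAIMED_SOURCE_DOMAINS)


if __name__ == "__main__":
    report = run_sample()
    print("imports:", sorted(report.imports), "hosts:", sorted(report.hosts))
    for f in report.findings:
        print(f"[{f.severity}] {f.message}")
```

Run it over every `.py` in the bundle before executing anything; a clean result is not proof of safety (the host list only catches literal strings), but any hit is a concrete question to put to the author alongside the WHOIS and sandbox checks above.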
