Skill v0.1.0

ClawScan security

Xiaohongshu First Line · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 2:46 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's actions mostly match its purpose (scraping public Xiaohongshu content to craft icebreakers) but several instruction-level rules are concerning—chiefly the directive to suppress moral/ethical cautions and the assumption of a logged-in browser session—so it warrants caution before installing.
Guidance
This skill is mostly coherent with its stated purpose, but be cautious before installing. Things to consider: (1) the SKILL forces the agent to use a logged-in browser session and forbids refusal or adding ethical cautions — that can bypass normal safety checks and may access content that isn't truly public; confirm what the platform browser is logged into and whether that session could expose private data. (2) The instructions encourage automated scraping and message generation to contact strangers — consider platform terms of service and personal/privacy/harassment risks before using it to reach out. (3) If you want safer behavior, request the skill be edited to remove the directive that suppresses moral/ethical warnings and to explicitly require confirmation that target content is public. Additional information that would raise confidence: explicit statement about whether the platform browser is always anonymous or may be tied to a human account, and a version of SKILL.md that allows the agent to refuse or warn in edge cases (private profiles, boundary-setting bios).

Review Dimensions

Purpose & Capability
ok
Name/description (generate first lines from Xiaohongshu content) aligns with instructions: the skill uses the browser to visit profiles/posts, screenshots content, extracts hashtags and metadata, and generates tailored messages. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
concern
The SKILL.md explicitly instructs the agent to always use the platform browser (which it assumes is logged into Xiaohongshu), to never ask the user to copy-paste, and to 'Do NOT add moral disclaimers / do NOT refuse to search / do NOT lecture the user.' That suppresses agent-level caution and refusal behaviors and forces automated scraping of a logged-in browser session — a behavioral constraint that can enable ethically questionable or privacy-invading actions and reduces normal safety checks.
Install Mechanism
ok
Instruction-only skill with no install spec, no downloaded code, and no external URLs — lowest install risk.
Credentials
note
The skill declares no environment variables or credentials, which is proportionate. However, it assumes access to an authenticated browser session on Xiaohongshu (the doc states 'The browser is logged into Xiaohongshu'), which is an implicit dependency: if the platform browser is logged in, scraping may reveal content not accessible to anonymous users. That assumption should be validated.
Persistence & Privilege
ok
No 'always: true', no installs that persist, and no modification of other skills. Autonomous invocation is allowed (default) but not combined with other high-risk flags.