小红书图文创作
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: jeff-xiaohongshu-post Version: 1.0.0 The skill bundle facilitates Xiaohongshu content creation but employs several high-risk operational patterns. Most notably, SKILL.md instructs the agent to use 'cloudflared' to tunnel a local port (8787) to the public internet for image generation callbacks, which creates an unnecessary external attack surface. Additionally, generate_post.py uses subprocess.run to execute shell commands for headless Chrome screenshots and external scripts, which are risky capabilities that could be exploited if input parameters are not strictly sanitized.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The image workflow may fail or may require running extra, unreviewed code outside the supplied skill package.
The recommended KIE image workflow depends on helper scripts that are referenced by the instructions but are not present in the provided file manifest, leaving the executable provenance and required setup unclear.
python3 ${SKILL_DIR}/scripts/kie-callback-server.py & ... python3 ${SKILL_DIR}/scripts/kie-create-task.py ... python3 ${SKILL_DIR}/scripts/kie-wait-download.pyDo not use the KIE workflow until the missing helper scripts and required binaries are supplied, reviewed, and declared; otherwise prefer the included Seedream script.
A local service could remain running or reachable longer than intended while the tunnel is active.
This starts a local callback server in the background and exposes it through a public Cloudflare tunnel, but the artifacts do not document shutdown, origin checks, or scope limits.
python3 ${SKILL_DIR}/scripts/kie-callback-server.py &
cloudflared tunnel --url http://127.0.0.1:8787Run callback/tunnel commands only when necessary, stop both processes immediately after image generation, and document the callback server’s accepted routes and validation behavior.
Running the Seedream image path requires access to a provider API key and sends the cover prompt to the configured image API endpoint.
The included Seedream script reads a local API key and uses it as a bearer token for the image-generation API; this is purpose-aligned, with no hardcoded or logged key shown, but it is sensitive credential access.
CREDENTIALS_FILE = "/root/.openclaw/credentials/seedream.json" ... "Authorization": f"Bearer {API_KEY}"Store only the intended Seedream API key in that credential file, verify the endpoint, and avoid placing unrelated secrets there.