XHS Auto-Publish
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with its stated purpose of posting to Xiaohongshu, but it controls a logged-in browser and clicks Publish by default, and its preview/publish safety instructions contradict each other.
Install only if you are comfortable with the skill controlling a logged-in Xiaohongshu browser. Use a dedicated browser profile, verify the account, run with --dry-run first, inspect the preview screenshot, and do not run it against important accounts until the publish-default and documentation inconsistencies are fixed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A post could be made public on the user's Xiaohongshu creator account without a final confirmation step.
The script defaults to publishing and programmatically clicks the Xiaohongshu '发布' button, making a public account mutation unless the user or agent remembers to pass --dry-run.
publish: true ... if (opts.publish) { ... if (btn.textContent.trim() === '发布' && !btn.disabled) { btn.click();
Default to dry-run/preview mode, require an explicit --publish flag, and ask the user to confirm after reviewing the screenshot before clicking Publish.
A user or agent may believe the first run is only a preview when it can actually publish.
This safety claim contradicts the implemented defaults, where publish is true and there is no --publish case in the argument parser; SKILL.md also says to use --dry-run for preview.
The script will NOT click publish unless --publish flag is set. By default it fills everything and takes a screenshot for review.
Remove the contradictory documentation, implement --publish explicitly, and make the help text and SKILL.md consistently describe the safe default.
Anyone running the skill against the logged-in browser can act as the user on the Xiaohongshu creator site for this workflow.
The skill intentionally uses the user's authenticated browser session instead of a scoped API credential; this is disclosed and purpose-aligned, but it grants account-level posting authority through CDP.
No API key needed — uses CDP to control an already-logged-in browser.
Use a dedicated browser profile for this skill, keep CDP bound to localhost, and only run it after confirming which account is logged in.
Setup depends on the user's local npm environment and could resolve to newer dependency versions than the reviewed artifact expected.
The skill depends on an external npm package using a semver range, and the registry metadata/install spec does not declare the setup requirement even though SKILL.md asks users to install playwright-core.
"dependencies": { "playwright-core": "^1.50.0" }
Pin dependency versions, provide a clear install spec or lockfile, and install dependencies from trusted package sources.
