Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
outreach
v1.0.0 Automatically posts guiding comments under Xiaohongshu creators' latest posts to encourage follows or checking direct messages; supports the web version, low operational risk, and can be run in batches.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's name/README emphasize web comments, but skill.json description and src/outreach_bot.py also implement private-message (私信) sending. SKILL.md explicitly states private messages are not supported on web and prefers comments, yet code contains a full outreach_bot that tries to find and click '私信' buttons and construct message flows. This internal inconsistency could be benign (two related modes included) but is incoherent and worth confirming with the author.
Instruction Scope
Runtime instructions and code read local files: creators_*.xlsx under a xiaohongshu-creator-finder output directory and a cookie file (.xiaohongshu_cookies.json). The SKILL.md mentions cookie reuse but does not fully document cookie file location or format. The bot will navigate arbitrary creator URLs and drive the browser to post content. No network exfiltration to third-party endpoints is present, but the skill will reuse session cookies and read another skill's output—this crosses skill boundaries and should be confirmed.
Install Mechanism
No installer downloads are embedded; dependencies are standard Python packages (playwright, pandas, openpyxl, rich). The skill is instruction/code-only and does not pull arbitrary remote archives or run external installers beyond the standard 'pip install' and 'playwright install chromium' the README suggests.
Credentials
No environment variables or external credentials are requested, which limits exposure. However the skill expects and loads a local cookies file (session cookies) and will look for another skill's output directory (~/.openclaw/.../xiaohongshu-creator-finder/output). Session cookies are sensitive (they can grant account access) and reading another skill's output implies cross-skill data access—both are explainable by the task but are sensitive and should be approved by the user.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to modify other skills' configurations. It writes logs and progress files under its own workspace/output and config folders only. Autonomous invocation is allowed (platform default) but not by itself a red flag here.
What to consider before installing
What to check before installing/use:
- Confirm the private-message behavior: SKILL.md says web private messages are not supported, but the package contains code to send private messages. Decide whether you intend to allow DM sending or only comment posting.
- Session cookies are required: the skill loads a local .xiaohongshu_cookies.json and will reuse cookies from a 'creator-finder' skill folder. Treat that file as highly sensitive—only provide cookies from an account you control and are willing to automate. Do not reuse cookies from high-privilege accounts.
- Inspect the cookie file and input Excel before running to ensure they contain only the data you expect. The bot will read creators_*.xlsx from a shared skill workspace path (~/.openclaw/.../xiaohongshu-creator-finder/output) if present.
- Test in a safe environment first (non-critical account) and with low daily_limit to verify selectors and behavior; automated posting can lead to platform action if misconfigured.
- Review platform Terms of Service and spam/promotion rules; automated outreach may violate rules and risk account suspension.
If you want, I can point out exactly where the code reads cookies and input paths, and suggest small code edits to limit the input paths or require an explicit cookie path to make use safer.
