Back to skill
Skillv1.0.0
ClawScan security
xiaohongshu-auto-poster · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 31, 2026, 2:58 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requests and instructions are internally consistent with an auto-poster that talks to a local MCP service; it does not ask for unrelated credentials or install code itself.
- Guidance
- This skill appears coherent: it expects you to run a local 'MCP' service and the SKILL.md tells the agent to talk to http://localhost:18060 to generate and publish posts. Before installing/using: 1) Verify the MCP project's GitHub repo and releases (check author, popularity, and source code if available) because the binary you run will perform network operations on your behalf. 2) Run the MCP binary in a controlled environment (non-root account, inspect logs) and confirm its behavior before connecting your social account. 3) Be cautious when scanning login QR codes — scanning gives the service access to your account; only proceed if you trust the MCP implementation. 4) Automated posting can violate platform rules and risk account limits/suspension; test with a throwaway account first. The skill itself does not request secrets or perform remote downloads, but the third-party MCP binary it directs you to is the primary external risk.
Review Dimensions
- Purpose & Capability
- okName/description (auto-post to 小红书 via a local MCP service) match the instructions: the SKILL.md instructs the agent to call a local MCP HTTP endpoint and to help user obtain login QR codes. No unrelated credentials or external services are requested by the skill.
- Instruction Scope
- okRuntime instructions operate only against a local service (http://localhost:18060) and user interaction commands (generate text, check login, publish). They do not instruct reading arbitrary host files, accessing external endpoints, or exfiltrating data. The skill relies on the local MCP service to perform network actions.
- Install Mechanism
- noteThe skill is instruction-only (no install spec) which is low risk. However references/setup.md tells users to download a third-party MCP binary from a GitHub releases URL; that binary is not supplied or validated by the skill. Users must vet the external repo/binaries themselves.
- Credentials
- okThe skill declares no required env vars, no primary credential, and no config paths. This is proportionate: the workflow expects a locally running MCP service and therefore does not need to request unrelated secrets.
- Persistence & Privilege
- okalways is false and the skill does not request system-wide configuration changes. The setup docs show optional user steps to enable the MCP binary as a user launch agent, which is a user action, not an automatic change by the skill.