v1.0.100

ZeeLin 小红书自动发布

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:46 AM.

Analysis

The skill fits its Xiaohongshu automation purpose, but it can use a logged-in browser session to publish and confirm public posts automatically, so it needs careful review before installation.

Guidance

Install only if you intentionally want automated Xiaohongshu posting. Before use, confirm it runs in a dedicated browser profile, review every generated post manually, and prefer a draft-only or explicit-confirmation mode so it cannot publish to your account unexpectedly.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
scripts/post_xiaohongshu.sh
echo "Clicking 发布: $PUBLISH_REF"
$CLI click "$PUBLISH_REF" ...
echo "Clicking 确认发布: $CONFIRM_REF"
$CLI click "$CONFIRM_REF"

The browser automation script clicks the Xiaohongshu publish button and any confirmation dialog, creating a live public-posting action rather than only preparing a draft.

User impact: Generated or mistaken content could be posted publicly to the user's Xiaohongshu account without a separate final confirmation step.
Recommendation: Default to draft-only mode, show the exact post content to the user, and require an explicit approval immediately before any publish or confirmation click.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
scripts/auto_topic_post_xiaohongshu.sh
RESP_JSON="$(openclaw agent --agent main --message "$PROMPT" --json)"
TEXT="$(printf "%s" "$RESP_JSON" | jq -r '.result.payloads[0].text // empty')"

The script depends on external local tools such as the OpenClaw CLI and jq, while the registry declares no required binaries or install specification.

User impact: Users may not realize which local tools and browser automation components must be present and trusted for the skill to run.
Recommendation: Declare all required binaries, Python packages, browser/CDP assumptions, and setup steps in the skill metadata or installation documentation.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
scripts/cdp_xhs_publish_v3.py
Requires Chrome started with --remote-debugging-port=9222
and user logged into https://creator.xiaohongshu.com

The script is designed to act through a logged-in Xiaohongshu creator browser session, giving it delegated authority over the user's social account.

User impact: The skill can act as the logged-in account and publish content under that identity.
Recommendation: Clearly declare the account/session requirement, use a dedicated browser profile, limit the workflow to the Xiaohongshu creator site, and require user approval before account mutations.