Skill v0.1.0
ClawScan security
Xiaohongshu CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 1:57 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it is an instruction-only wrapper for the xhs-cli tool, and its instructions, installs, and auth flows align with the stated Xiaohongshu CLI purpose.
- Guidance: This skill is an instruction-only helper for the xhs-cli terminal tool and appears consistent with that purpose. Before installing or allowing an agent to use it, confirm you trust the upstream project (check the GitHub repo and PyPI package), prefer interactive login flows (avoid pasting cookies into chat), and be aware that the CLI may read local browser session cookies to authenticate. Because the CLI can perform writes (post, comment, delete), only grant the agent permission to run these commands if you want it to act on your account. If you are uncomfortable with automated account actions, restrict the agent from invoking the skill autonomously or require explicit approval for write operations.
Review Dimensions
- Purpose & Capability
  - ok: The name and description match the runtime instructions: all commands, install suggestions (uv, pipx), and repo references point to a Xiaohongshu terminal client. There are no unrelated env vars, binaries, or config paths requested.
- Instruction Scope
  - note: The SKILL.md restricts actions to installing and using xhs-cli and documents read/write operations (search, read, like, comment, post, delete). It notes that xhs login may try saved/local Chrome cookies and that manual cookie input should not be pasted into chat — this is relevant because the CLI may access local browser session data. The instructions do not direct the agent to exfiltrate data to third-party endpoints outside the CLI’s normal operations.
- Install Mechanism
  - ok: This is instruction-only; no install spec is included. Suggested installs are via 'uv tool install' or 'pipx', and a GitHub checkout is given only for development — all are standard, low-risk installation routes. No arbitrary download URLs or extract operations are used in the skill itself.
- Credentials
  - note: The skill does not request environment variables or credentials. However, the CLI workflow can access or reuse local browser cookies/session state for authentication and can perform account write actions; users should be aware that local cookie access and authenticated operations are expected behaviors of the CLI and require user consent.
- Persistence & Privilege
  - ok: `always` is false and the skill is user-invocable; it does not request permanent inclusion or modify other skills. The agent may invoke the skill autonomously (platform default), and because the CLI supports write operations, administrators should be mindful of letting an autonomous agent perform account actions.
