Back to skill
Skillv0.1.0
VirusTotal security
Xiaohongshu CLI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:47 AM
- Hash
- 0520f202d48b97b452f2fc5b5ee27099eb12b5c78014bca2c7dc17af4e3a1e24
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: jackwener-xhs-cli Version: 0.1.0 The skill facilitates the installation and operation of the `xhs-cli` tool, which involves high-risk capabilities such as installing external software from PyPI (`uv tool install xhs-cli`) and accessing local Chrome browser cookies for authentication (`xhs login`). While these actions are plausibly necessary for the stated purpose of managing a Xiaohongshu account and the instructions in `SKILL.md` include a security-positive warning against pasting raw cookies into chat logs, the combination of automated package installation and credential extraction from the local filesystem meets the threshold for a suspicious classification under the provided criteria.
- External report
- View on VirusTotal