Skill v1.1.0

ClawScan security

XHS Content Generate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 7:52 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files, runtime instructions, and requested permissions are consistent with a Little-Red-Book (小红书) post generator that fetches RSS hot topics and calls a separate 'humanizer-zh' skill for style polishing.
Guidance
This skill appears coherent for generating 小红书-style posts: it fetches RSS topics (36kr), analyzes style/templates, and calls the humanizer-zh skill to polish text. Things to consider before installing:
- The metadata allows network access to 36kr and mentions using agent-browser for user-supplied links: if you supply arbitrary links, the agent/tool may fetch content from other domains — confirm what browsing/network capabilities your agent grants and whether you are comfortable with that.
- The skill requests read access to the humanizer-zh SKILL.md file in your workspace. This is likely to learn how to call that skill, but it does read a file outside its own directory — review the humanizer-zh skill to ensure it contains no secrets and you trust it.
- The skill is designed to produce provocative/controversial content by design; consider moderation and platform policy implications before publishing generated posts.
If you want higher assurance, ask the author to remove the explicit file-read permission (or limit it) and/or confirm what browsing tool will be used for fetching user-provided links.

Review Dimensions

Purpose & Capability
ok
Name/description (XHS post generator) match the actual behavior: it uses Node to fetch RSS feeds (36kr) and templates/style-analysis to synthesize posts, then calls a separate humanizer skill for polishing. Requiring the node binary and depending on humanizer-zh is reasonable for the described workflow.
Instruction Scope
note
SKILL.md stays largely within the stated scope (topic retrieval → style analysis → content generation → humanizer). It mentions using agent-browser or other tools to fetch user-provided links/posts; that can expand runtime network access beyond the declared 36kr RSS feed depending on the agent/tooling. The metadata explicitly requests file read access to ~/.openclaw/workspace/skills/humanizer-zh/SKILL.md to inspect/invoke the humanizer skill — unusual but explainable (to learn how to call that skill).
Install Mechanism
ok
No install spec (instruction-only) and a small Node script are included. The fetch-rss-hot.js uses only Node's https module to retrieve https://36kr.com/feed; there are no external downloads or archive extraction. This is low-risk from an install perspective.
Credentials
ok
No environment variables or credentials are requested. The declared network permission is scoped to 36kr, and the only requested file read is another skill's SKILL.md. Both are plausible for the stated purpose and not excessive.
Persistence & Privilege
ok
The skill is not always-enabled and uses normal autonomous invocation settings. It does not request system-wide configuration changes or persistent elevated privileges.