Skill v1.0.0
ClawScan security
XHS Image Gen · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 15, 2026, 5:03 PM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The package mostly matches its stated purpose (generate/render/post 小红书 notes) but the registry metadata understates what it needs and how it behaves—there are executable scripts, dependency requirements, and a publishing flow that requires a sensitive XHS_COOKIE that the metadata does not declare.
- Guidance: This package appears to be what it says (render image cards + optional publish to 小红书) but there are transparency issues you should address before installing:
  1) The registry claims no env vars or binaries, yet the repo contains Python/Node scripts, requirements.txt, package.json and instructions to install Playwright/Chromium—expect heavy downloads and follow the README.
  2) Publishing requires XHS_COOKIE (a full browser session cookie). That cookie grants access to your account; do not paste it into third-party tools or share it. Inspect scripts/publish_xhs.py (and any --api-mode behavior) to confirm where data and credentials are sent before using publish.
  3) Prefer running rendering locally (render_xhs.py) and avoid the publish step unless you trust the code; consider running in an isolated VM/container.
  4) If you plan to install, review publish_xhs.py for network endpoints and credential handling, and consider rotating cookies/credentials after testing.
  If you want, provide the publish_xhs.py source and I can point out exactly what endpoints it calls and whether it sends cookies/contents off-device.
Review Dimensions
- Purpose & Capability (concern): The skill's name/description (create XHS notes, render image cards, optionally publish) align with the included files (render and publish scripts, templates, themes). However the registry metadata claims 'instruction-only' with no required env vars or binaries, while the bundle actually contains Python/Node scripts, requirements.txt, package.json, and Playwright usage described in README—so the declared requirements do not match what the skill actually contains.
- Instruction Scope (note): SKILL.md gives a narrow runtime scope: produce markdown, run render scripts to generate PNGs, and optionally run publish_xhs.py to post. That is coherent with the stated purpose. The instructions do require the user to obtain and place a full browser cookie (XHS_COOKIE) into .env for publishing; this is sensitive but relevant to the publishing function. The README also mentions an --api-mode / xhs-api option (possible external service) — you should inspect publish_xhs.py to confirm whether data or credentials may be sent to third-party endpoints.
- Install Mechanism (concern): Registry shows no install spec, but README and project files indicate real dependency installation is required: pip install -r requirements.txt, Node/npm installs, and Playwright which downloads Chromium. Playwright will pull large browser binaries. Because the registry did not declare these requirements and no automated install spec is provided, an operator might not expect these downloads or native binaries—this mismatch increases risk and friction.
- Credentials (concern): The registry metadata lists no required env vars, but SKILL.md and README explicitly require an XHS_COOKIE in .env to publish. Requesting a platform session cookie is proportionate to a publish operation, but the omission from declared requires.env is a significant transparency gap. Treat XHS_COOKIE as highly sensitive (gives account access) and only provide it after verifying the publish code and trustworthiness.
- Persistence & Privilege (ok): The skill does not request always:true and does not declare system-wide config changes. It will run scripts and (if you follow README) Playwright will download Chromium into the environment—this is not a platform privilege escalation, but it does add a sizable binary to the runtime environment. No evidence the skill modifies other skills or global agent config.
