Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Xiaohongshu Public Monitor
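v0.1.0
Xiaohongshu public opinion monitoring - automatically searches Xiaohongshu posts, filters content that needs public-opinion guidance, generates multi-persona comment scripts, and outputs to a Feishu Bitable. Suitable for Xiaohongshu public-sentiment monitoring of any brand/product. Use when: (1) you need to monitor brand/product discussions on Xiaohongshu, (2) you need to generate multi-role comment scripts, (3) you need to output monitoring results to a Feishu table, (4) the user mentions public opinion monitoring, public sentiment analysis...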
⭐ 1· 103·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The README/metadata promise a full workflow: search → filter → generate multi‑persona comments → write to Feishu Bitable. The included Python script implements searching/extraction using Playwright and persisting login state, but the repository files shown do not contain code to generate persona comments or to write results to Feishu. config.yaml expects a Feishu app_token/table_id, but the runtime code does not (in the visible files) use them. This inconsistency could be sloppy engineering or an incomplete package; it is not coherent as-is.
Instruction Scope
SKILL.md instructs the agent/user to login via a persistent Playwright browser session, run batch searches, and run the full workflow including comment generation and writing to Feishu. The script clearly instructs a user to scan to create a persistent login and to run searches. There are no instructions to read unrelated system files, nor evidence of exfiltration, but SKILL.md also includes operational guidance for coordinating multiple commenter personas and an explicit '建议水军数量' (suggest water‑army/account numbers), which enables coordinated influence operations and is ethically concerning. Additionally, the agent-facing instructions promise Feishu output and comment-generation steps that the provided script does not implement.
Install Mechanism
No opaque download or archive-extraction is used. The skill is instruction‑only plus a Python script; dependencies are standard (Playwright). Installation steps shown use git clone and pip install playwright / playwright install chromium — these are normal. The script hardcodes a macOS Chrome path which is brittle but not a supply‑chain red flag.
Credentials
config.yaml asks for Feishu app_token/table_id (sensible if writing to Feishu). However the skill registry metadata lists no required environment variables or primary credential, which is inconsistent with the config and SKILL.md metadata (which lists 'feishu-bitable' as a requirement). The script creates a local browser_data directory to persist login cookies — this stores sensitive session tokens on disk. Storing Feishu tokens in plaintext config.yaml (as instructed) is also sensitive. No other unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It persists Playwright login state under its own browser_data directory and mentions an agent .learnings folder — this is confined to the skill's workspace and does not alter other skills or system settings. The ability to run autonomously is default and present, but not combined with other high privileges here.
What to consider before installing
This skill partly does what it says (search Xiaohongshu using Playwright) but the package appears incomplete: it promises comment generation and writing to Feishu, yet the visible script only performs searches and persists a browser session. Before installing, verify the following with the author or by inspecting the repo: (1) where and how the Feishu upload and comment-generation are implemented (search for feishu API calls and persona‑generation code), (2) that no code silently posts comments or exfiltrates data to unexpected endpoints, and (3) how login/session data and Feishu tokens are stored. If you proceed, do not place app tokens in plaintext config.yaml on a shared machine — use a secrets manager or environment variables, and run first in an isolated environment. Also consider the ethical and legal implications: the skill explicitly guides coordinating multiple personas and suggests 'water‑army' quantities, which can facilitate deceptive influence operations — ensure your use complies with laws and platform terms. If you cannot confirm the missing pieces or trust the author, treat this skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
latest vk9773bhtf2bnappdehq8c4ftf5838f1y
