Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
小红书自动排版发布---一键发布
v1.0.0小红书发布流水线:XHS排版→主编审核→自动化发布→数据复盘。在已有Markdown定稿基础上执行小红书格式化和发布。触发词:发布到小红书、小红书排版、小红书发布。需先完成内容创作。
⭐ 0· 116·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a coherent XHS (小红书) publish workflow (format → review → publish → analytics). However, the runtime steps depend on an external script (xhs_publish.cjs) and an assumed deployment (/xiaohongshu-publisher-setup). The skill itself contains no code or install spec — it only documents how other components should behave. That dependence is plausible but not self-contained.
Instruction Scope
Instructions direct the agent/operator to run Node scripts (check-login, login, publish, get-note) and to read/write a content.json and user image file paths. The instructions require access to local filesystem paths ({baseDir}/scripts or ~/.openclaw/...), open a browser, and auto-fill web forms. The SKILL.md enforces user confirmation twice before publishing (good), but because the actual scripts are external, the agent’s runtime behavior depends entirely on those scripts' implementation.
Install Mechanism
No install spec is provided (lowest risk); the doc states that the automation requires the playwright npm package and Chromium. Those are reasonable for browser automation, but installation is left to the operator. Because the skill is instruction-only, nothing will be written or downloaded by the skill itself — the risk depends on how xhs_publish.cjs is obtained and installed elsewhere.
Credentials
The skill does not request environment variables or credentials in its manifest, which is proportional. However, browser automation and publishing typically rely on user session state (cookies) or a login procedure; the SKILL.md references a login command but does not specify how credentials are stored/handled. Lack of included code means you cannot verify whether credentials/session data are handled securely.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills. Autonomous invocation is allowed by default but that is normal for skills and not by itself a problem.
What to consider before installing
This skill is an instruction-only workflow that expects an external Node script (xhs_publish.cjs) and Playwright/Chromium to be present. Before installing or running: (1) Verify where xhs_publish.cjs (and any publisher deployment) comes from and review its source — the SKILL.md does not include or expose the code. (2) Understand that the automation opens your browser and auto-fills web forms; ensure the scripts do not exfiltrate data or reuse other credentials. (3) If you plan to use this, deploy the publisher package from a trusted source and confirm how it stores/uses login/session information. (4) The SKILL.md requires explicit user confirmation before publishing — keep that safeguard, and do not proceed if the implementation bypasses it. If you cannot review the scripts, treat the skill as untrusted and avoid running automated publish commands from it.Like a lobster shell, security has layers — review code before you run it.
latestvk97b4mjsyghexp1vfqwxvs9t9d83h8c6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.