v1.0.0

Xiaohongshu Auto Layout and Publishing: One-Click Install

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:11 AM.

Analysis

This is a purpose-aligned Xiaohongshu publishing skill, but it deserves careful review because it saves a reusable Xiaohongshu login session and can automate public posting through persistent local agents and scripts.

Guidance: Review this skill before installing if you use a real Xiaohongshu account. It is not clearly malicious, but it keeps a reusable login session, registers persistent agents, and can publish public content. Use a dedicated account if possible, check every preview before confirming, and delete or protect the saved session file when you no longer need automated publishing.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Note
scripts/xhs_publish.cjs
console.log('⚠️  即将提交发布,请在浏览器中确认内容后按 Enter 继续...'); ... await publishBtn.click();

The script can click the publish button in Xiaohongshu after filling content, but it includes an explicit user confirmation pause before submission.

User impact: If the user confirms without checking carefully, the script can publish content publicly to the account.
Recommendation: Review the browser preview, title, images, body text, and target account before pressing Enter or otherwise confirming publication.

Unexpected Code Execution
Severity: Medium; Confidence: High; Status: Note
scripts/setup.cjs
execSync(args.join(' '), { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'], shell: true })

The setup script executes shell commands to check OpenClaw, list agents, check Playwright, and register new agents.

User impact: The setup process can run local commands in the user's environment. It appears aligned with deployment, but the shell-based construction is less safe than direct argument execution.
Recommendation: Prefer a reviewed setup path, and maintainers should replace shell: true plus string-joined arguments with spawnSync/execFileSync and fixed argument arrays.

Rogue Agents
Severity: Medium; Confidence: High; Status: Note
SKILL.md
openclaw agents add lingge ... openclaw agents add xinglan ... --workspace "~/.openclaw/workspace-xiaohongshu-publisher/..."

The skill registers two persistent OpenClaw agents with workspaces under the user's ~/.openclaw directory.

User impact: The installed agents can remain available after setup and may continue using their workspace memory and scripts when invoked later.
Recommendation: Install only if you want these persistent agents. Remove or unregister them if you no longer need the Xiaohongshu publishing workflow.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High; Confidence: High; Status: Concern
scripts/xhs_publish.cjs
const SESSION_FILE = path.join(SESSION_DIR, 'state.json'); ... await context.storageState({ path: SESSION_FILE });

The script saves Playwright browser storage state, which can include Xiaohongshu cookies/session data, for later reuse by login checks, publishing, and analytics commands.

User impact: A saved session can let the local script act as the logged-in Xiaohongshu account, including publishing content or reading creator-center data, until the session is removed or revoked.
Recommendation: Install only if you are comfortable storing a reusable Xiaohongshu session locally. Protect or delete ~/.openclaw/workspace-xiaohongshu-publisher/.session/state.json when finished, use a dedicated account if possible, and the package should declare this credential/session requirement explicitly.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
templates/xinglan/AGENTS.md
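Read MEMORY.md to obtain long-term memory (patterns in historical publishing data, best publishing times, etc.) ... update data patterns (best publishing times, effective topic types, etc.) to MEMORY.md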

The agent is instructed to use and update persistent memory containing publishing history, performance patterns, and account-related operating context.

User impact: Future recommendations may be influenced by stored historical data, and incorrect or sensitive entries could persist across tasks.
Recommendation: Periodically review MEMORY.md and daily memory files, remove sensitive or incorrect entries, and avoid storing private account information that is not needed.