redbook
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill appears aligned with its Xiaohongshu automation purpose, but it uses your browser login cookies to act as your social-media account and installs persistent agent instructions, so it needs careful review.
Install only if you are comfortable giving a CLI/agent access to your Xiaohongshu browser session. Use a separate Chrome profile or test account, require manual confirmation before any comment, reply, like, delete, or publish action, and inspect the npm postinstall changes to ~/.claude/skills before relying on it.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and invoked, the agent/CLI can operate using the user's logged-in Xiaohongshu session rather than a separate scoped API key.
The tool authenticates by reading browser cookies across Chrome profiles to find an existing Xiaohongshu login session. That gives the CLI delegated access to the user's account.
Authenticates using browser cookies; no API key required. ... The CLI automatically detects all Chrome profiles and finds your Xiaohongshu login state.
Use a dedicated browser profile or secondary account, review when cookies are requested, and log out or revoke sessions if you stop using the tool.
A mistaken or overly autonomous agent action could post public content, interact with other users, change collections, or delete the user's own note.
The skill exposes multiple account-mutating social-media actions, including posting, replying, liking, collecting, deleting, and publishing. These actions can affect public content and account state.
| Post a comment | `redbook comment <url> --content "text"` | ... | Like a note | `redbook like <url>` | ... | Delete own note | `redbook delete <url>` | ... | Publish image note | `redbook post --title "..." --body "..." --images img.jpg` |
Require explicit user confirmation for every mutating command, keep batch replies in dry-run mode until reviewed, and avoid letting the agent perform social actions unattended.
Using this automation may violate platform rules, trigger anti-abuse systems, or put the user's Xiaohongshu account at risk.
The documentation explicitly frames randomized reply delays as a way to avoid bot detection during automated engagement.
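A ±30% random jitter is automatically added to the reply interval to avoid triggering bot detection. We recommend batch replying at most 1-2 times per day per note.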
Treat engagement automation as high-risk; prefer manual review, conservative limits, and compliance with the platform's rules.
Installing the npm package changes the local agent skill environment and could overwrite an existing redbook skill entry.
The package automatically installs itself as a persistent Claude Code skill and can remove an existing ~/.claude/skills/redbook path before creating the symlink.
const SKILL_DIR = join(homedir(), '.claude', 'skills'); ... rmSync(SKILL_LINK, { recursive: true }); ... symlinkSync(PACKAGE_ROOT, SKILL_LINK);
Inspect postinstall behavior before installing, verify the ~/.claude/skills/redbook symlink, and remove it manually if you do not want persistent agent integration.
The installed dependency may differ from the upstream package and lockfile, which can complicate auditing and reproducibility.
The install script rewrites files inside the installed @steipete/sweet-cookie dependency to patch behavior. The intent is documented, but it changes third-party dependency contents after installation.
writeFileSync(target, patched, 'utf-8'); console.log('[redbook] Patched sweet-cookie keychain timeout (3s -> 30s).');
Prefer an upstream dependency fix or a pinned fork; at minimum, keep this postinstall patch clearly documented for users.
Running the CLI may start a local Chrome process and access browser-session state.
The static scan shows the code launching a Chrome binary. This is consistent with the documented CDP cookie fallback, but it is still local process execution.
const child = spawn(chromeBinary, args, {
Only run the tool from a trusted installation, and review CHROME_PATH/profile settings before use.
