redbook

The redbook skill bundle is a legitimate CLI tool for Xiaohongshu (XHS) automation and analysis. It extracts browser cookies locally (via sweet-cookie and a CDP fallback in src/lib/cdp-cookies.ts) to authenticate with XHS APIs, which is consistent with its stated purpose. The post-install script (scripts/postinstall.js) performs targeted patches on its dependencies to fix specific bugs related to macOS keychain timeouts and BigInt handling, which is a functional requirement rather than a malicious act. The SKILL.md provides detailed operational instructions for AI agents, including safety guidelines such as rate limits, jitter, and dry-run requirements to prevent account bans. No evidence of data exfiltration, unauthorized remote control, or malicious prompt injection was found.