Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
小红书自动互动技能
v1.0.0小红书自动互动技能,实现智能搜索、浏览、点赞和收藏,避免重复操作并支持错误智能处理和历史记录管理。
⭐ 0· 53·0 current·0 all-time
byXuanying Chen@luckychay
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (自动搜索/浏览/点赞/收藏) lines up with the bundled scripts which call a local MCP API to search, like and favorite feeds. Required tools (curl, jq) are appropriate. However the scripts hardcode file paths (e.g., /home/chan/.openclaw/workspace, /home/chan in crontab examples) which is not justified by the skill's purpose and may cause the skill to write files to an unexpected location on your system.
Instruction Scope
SKILL.md instructs copying scripts into a workspace and configuring cron to run them periodically; the scripts perform local network calls to http://localhost:18060/mcp, create log/history files, and write temporary headers to /tmp/xhs_headers. These actions are within the automation use-case but expand scope to persistent system changes (cron and files). The scripts do not remove /tmp/xhs_headers after extracting the session id (possible local sensitive artifact). The hardcoded paths in scripts and crontab examples make behavior environment-dependent and potentially surprising.
Install Mechanism
There is no external install or download spec (no network install), the package is instruction + included shell scripts — low supply-chain risk. The risk is that the bundled scripts will be copied into the user's workspace and made executable; you should inspect and possibly edit those scripts before running. No external arbitrary URLs are fetched.
Credentials
The skill requests no environment variables or external credentials. It relies on a locally running MCP service and an already-logged-in Xiaohongshu account — this is proportionate. Still, because the skill operates using the local MCP session (SESSION_ID and xsec_token values), it will act on whatever account is logged into that local service without prompting; that's expected but worth noting.
Persistence & Privilege
The SKILL.md explicitly instructs adding cron entries to run the script periodically, creating persistent autonomous behavior on the host. While always:false (the skill is not force-included), following these instructions will make the automation persist outside the agent. Combined with hardcoded paths and log/history files, this creates a persistent footprint that you must manage (rotation, cleanup).
What to consider before installing
Before installing or running this skill:
- Inspect and edit the scripts. Replace hardcoded /home/chan paths with the correct paths for your account (or use $HOME). Confirm LOG_FILE and HISTORY_FILE locations.
- Review the scripts line-by-line (they're plain shell) to confirm behavior and remove any actions you don't want (they only call localhost and write local files, but they will act using the local MCP session).
- Understand persistence: the docs show adding cron jobs — only add cron entries if you want continuous automated actions. Consider running the script manually first.
- Clean up temporary files: the script leaves /tmp/xhs_headers containing session headers; consider removing or zeroing that file after use to avoid local leakage of SESSION_ID.
- Consider platform/TOS risk: automated liking/favoriting may violate Xiaohongshu terms; use cautiously and limit frequency (the README suggests 3–5 times/day).
- Test in a controlled environment (test account or VM) before granting it access to your real account or enabling cron scheduling.Like a lobster shell, security has layers — review code before you run it.
latestvk974fvvsnrh1j75jezac73psnx84e290
License
MIT-0
Free to use, modify, and redistribute. No attribution required.