Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xhs

v1.0.0

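Xiaohongshu all-in-one assistant: copy generation, cover creation, content publishing and management. Use it when the user asks to write a Xiaohongshu note, generate Xiaohongshu copy/titles/covers, post to Xiaohongshu, search Xiaohongshu, comment/like/favorite, or perform any other Xiaohongshu-related operation. Supports the complete one-stop flow from copywriting to automatic publishing. Cover images are generated with pure ImageMagick; no API configuration is required.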

by Xuanying Chen @luckychay · fork of @hi-yu/xhs
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's main needs (ImageMagick 'convert' and 'curl') align with cover generation and HTTP calls, but the shipped scripts also call many other tools (python3, md5sum, fc-list, identify, systemctl, pgrep, Xvfb, jq) and expect a local MCP binary at ~/xiaohongshu-mcp/xiaohongshu-mcp-linux-amd64. The metadata declared only 'convert' and 'curl' and 'no required env vars', so the actual runtime dependencies are under-declared and disproportional to the simple description.
Instruction Scope
SKILL.md and scripts instruct the agent to read ~/.openclaw/openclaw.json (agent configuration), execute check_env.sh which will try to start services, initialize and call a local MCP HTTP endpoint, and spawn Xvfb or systemd services. Reading the OpenClaw config and starting system services is outside a pure 'generate title/cover' scope and could expose unrelated configuration or require elevated permissions.
Install Mechanism
There is no install spec. The skill expects a specific local binary (xiaohongshu-mcp-linux-amd64) under the user's home and will attempt to start it (systemctl or nohup) and start Xvfb. Because the binary location, origin, and installation steps are not provided, the workflow depends on executing an opaque binary that the skill does not fetch from a verifiable source.
Credentials
Although registry metadata declares no required env vars, scripts reference many optional credentials (GEMINI_API_KEY, IMG_API_KEY + IMG_API_BASE, HUNYUAN_SECRET_ID/KEY, XHS_AI_API_KEY, XHS_AI_API_URL, XHS_AI_MODEL, XHS_MCP_URL). The skill also reads ~/.openclaw/openclaw.json. These environment/config accesses are broader than the declared surface and could expose sensitive keys or encourage the user to provide API keys not strictly necessary for offline cover generation.
Persistence & Privilege
The skill does not request 'always:true', but its runtime expects to start/stop systemd services and background processes (xhs-mcp, Xvfb) and to run a local long-lived binary. That level of system interaction and service control is a meaningful privilege for an instruction-only skill and should be accepted only if the user trusts the MCP binary and repository.
What to consider before installing
This skill broadly does what it claims (title/content generation + ImageMagick covers + calls to a local MCP service) but contains several red flags you should consider before installing or running it:

- Origin and binary trust: The scripts expect a local binary at ~/xiaohongshu-mcp/xiaohongshu-mcp-linux-amd64 and systemd unit 'xhs-mcp', but the skill provides no install source or signature. Do not run or start that binary unless you have obtained it from a trusted repository and verified it.
- Undeclared dependencies: The metadata only lists 'convert' and 'curl', but scripts also call python3, md5sum, fc-list/identify (ImageMagick identify), jq (in SKILL.md examples), systemctl, pgrep, Xvfb and more. Ensure your environment meets these needs and inspect scripts before granting permission to run them.
- Sensitive environment/config access: The scripts reference multiple optional API keys (GEMINI_API_KEY, IMG_API_KEY, HUNYUAN_*, XHS_AI_*). The skill will also read ~/.openclaw/openclaw.json. Only set or expose API keys if necessary and you trust where data will be sent. If you don't want networked image/AI calls, do not provide those keys.
- Service/startup behavior: check_env.sh will try to start Xvfb and the MCP service (via systemctl or nohup). Starting system services or background binaries has system-level impact; run these steps in a controlled environment (VM/container) first, and avoid running as root.
- What would reduce risk: a public homepage/repository, signed releases for the MCP binary, an explicit install spec that fetches the binary from a reputable host (GitHub releases with checksum/signature), or trimmed scripts that only require the declared binaries and do not attempt to start system services.

Recommendation: Do not run the MCP binary or the environment-starting scripts until you verify the binary's provenance. If you want only the cover generation and content templates, consider running scripts (cover.sh, generate.sh) in an isolated environment after reviewing them. If you plan to enable publish/search features, obtain and audit the MCP implementation and its source first.


latestvk978smzmfzh5mhgmbaa8s1peex84eb0p


Runtime requirements

📕 Clawdis
Bins: convert
Any bin: curl
