Skill v1.0.1

ClawScan security

post-to-xhs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 26, 2026, 4:07 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions, required binaries, and behaviors align with a Xiaohongshu (小红书) posting/management helper; it asks the user to install and run a third‑party CLI that will manage login cookies and perform automated browser actions — this is coherent but requires trusting the external package and its local side effects.
Guidance
This skill is coherent for automating Xiaohongshu actions, but it delegates work to a third‑party Python package (xhs-mcp-py) and Playwright/Chromium which you must install. Before installing/running:
1) review the xhs-mcp-py package source (PyPI project, repo) to ensure you trust it;
2) run it in an isolated environment (VM/container) if you are unsure;
3) be aware the tool will save login cookies and print tokens (xsec_token) — treat those as sensitive credentials;
4) do not run this on systems holding other secrets or high privileges without review;
5) install zbar/ImageMagick only if needed and from official OS packages.
If you want a higher assurance, ask the skill author for a code repository link or a signed release before installing.

Review Dimensions

Purpose & Capability
ok: The name/description (posting and managing Xiaohongshu content) match the instructions: installing a Python CLI (xhs-mcp-py), using Playwright/Chromium for browser-based login/automation, and providing commands for publish/search/like/comment. The required binary 'convert' (ImageMagick) is plausible for image processing.
Instruction Scope
note: SKILL.md stays focused on Xiaohongshu workflows (login, publish, search, interact). It instructs installing Playwright and running xhs-mcp commands that read image/video files supplied by the user and persist cookies locally. Note: the tool prints/returns tokens (xsec_token) and stores cookies (7–30 days), which are necessary for the described actions but are sensitive local artifacts.
Install Mechanism
note: The skill itself has no install spec, but the instructions require installing a third‑party Python package (pip install xhs-mcp-py) and Playwright browsers. These are reasonable for a CLI that automates a web UI, but they mean arbitrary code will be downloaded and executed from PyPI and Playwright's distribution — users should vet that package/source before installing.
Credentials
ok: The skill declares no environment variables or credential requirements. The runtime behavior relies on interactive login (QR code, browser) and local cookie storage; sensitive data (cookies, xsec_token) are produced by normal operations and are proportionate to the skill's purpose.
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable. The documented persistence is limited to the tool's local cookie files (login lifetime ~7–30 days). The skill does not request elevated system-wide privileges or modification of other skills' configs.