Skillv1.0.0

ClawScan security

xhs-auto · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 2, 2026, 3:50 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill mostly does what it says (generate images and prepare posts, then call xhs-kit), but it fails to declare required API credentials and relies on networked model gateways — a mismatch that users should understand before installing.
Guidance: This skill appears to implement the advertised Xiaohongshu automation flow, but it expects you to provide model gateway API keys (GOOGLE/GEMINI or SEED) even though the registry metadata doesn't declare them. Before installing: (1) Review and be comfortable with the included scripts (they are plain Bash/Python and call external API endpoints). (2) Understand that any prompt text and any base images you pass to the tool will be uploaded to the configured external gateway (so avoid sending sensitive/private images or text). (3) Only provide API keys with limited scope or dedicated/test keys, and consider using a proxy/gateway you control. (4) Verify trustworthiness of xhs-kit (pip package) before granting publish credentials for real posting. (5) Test in a sandbox or VM, and use the documented debug-publish mode (which claims not to perform an actual publish) before attempting a real publish. The primary issue is transparency about required credentials — correct that omission or proceed only after accepting the privacy/network implications.

Review Dimensions

Purpose & Capability: concernName/description match the included scripts and the xhs-kit publishing flow. Requested binaries (bash, curl, jq, base64, xhs-kit) are appropriate. However, the registry metadata declares no required environment variables while both scripts and documentation require sensitive API keys (GOOGLE_API_KEY/GEMINI_API_KEY and/or SEED_API_KEY). That undeclared credential requirement is an incoherence.
Instruction Scope: noteSKILL.md instructs the agent to generate text and images, save outputs under ${workspace}/xhs-auto/{timestamp}, and call xhs-kit debug-publish — all within the stated purpose. The scripts will read environment variables for API keys and will transmit prompts and (for edit mode) image bytes to external OpenAI-compatible endpoints; this is expected for image generation but means user-supplied images or prompts will be sent off-host.
Install Mechanism: okNo install spec (instruction-only skill) and included code files are local. Nothing in the manifest pulls arbitrary remote installers or archives. The README suggests installing public packages (pip, playwright) which is normal.
Credentials: concernThe skill requires API keys for external model gateways (Google/Gemini or ByteDance Seed) but the registry lists no required env vars. Those keys are sensitive and will be used to make external network calls; the omission from the declared requirements is a mismatch and reduces transparency. xhs-kit may also require login credentials for real publishing (not needed for debug), which the docs mention.
Persistence & Privilege: okThe skill does not request always: true and does not modify other skills. It writes outputs into a workspace subdirectory (documented) and does not request system-wide privileges.