Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xhs Expert

v1.0.0

Xiaohongshu (XHS) operations expert skill. It can search notes, collect data, perform interactions (like/comment/favorite/follow), analyze content trends and operate accounts in batch. Triggered when the user asks to "search Xiaohongshu", "Xiaohongshu operations", "search xhs content", "batch interactions", "analyze Xiaohongshu" or "xhs data analysis".

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (search, collect, like/comment/follow, batch ops) align with the provided Python modules: XHSClient, FeedCollector, InteractionHandler, CookieManager and ChromeLauncher. The requested capabilities (browser login, cookie persistence, API calls to xiaohongshu endpoints) are coherent with operating a social automation tool.
Instruction Scope
SKILL.md instructs the agent to run CLI commands and explicitly requires login confirmations for sensitive actions; it does not ask to read unrelated system files or external endpoints beyond XiaoHongShu APIs. However, the runtime code performs full account interactions (like/comment/follow) and uses stealth injection to evade automation detection — behaviour that goes beyond passive data lookups and can change remote state and user accounts.
Install Mechanism
No install specification is provided even though the skill bundles multiple Python modules and lists dependencies (httpx, playwright, click) in pyproject.toml. Playwright requires browser binaries and extra installation steps; absence of an install/packaging instruction is an engineering mismatch that may cause unexpected runtime attempts to install or run heavy components. There are no remote downloads in the install path (no arbitrary URL pulls).
Credentials
The skill requests no environment variables or external credentials; instead it persists cookies and device identifiers to files under ~/.config/xiaohongshu. That is proportionate to its purpose (it needs cookies to authenticate). There are no unrelated credential requests, but local cookie files contain sensitive auth tokens and will be created/read without declaring them as explicit 'required' secrets.
Persistence & Privilege
The skill writes persistent authentication artifacts (cookies, device_id, a1) under the user's home directory. While 'always' is false, the skill can be invoked autonomously (default platform behavior). Combined with batch-interaction and stealth techniques, this increases the blast radius (it can automate actions on your account). The SKILL.md includes forced confirmation rules, but enforcement depends on how the agent invokes the CLI; autonomous invocation could bypass expected manual checks if not properly constrained.
What to consider before installing
This skill is coherent with its stated function (scraping and automating XiaoHongShu), but it performs actions that can modify your account (likes, comments, follows) and uses stealth techniques to evade detection. Before installing or running it:

- Only use it if you trust the source and understand it will store cookies and tokens in ~/.config/xiaohongshu (these are sensitive and can be used to act as your account).
- Be aware this may violate XiaoHongShu's terms of service and could lead to account rate-limits or suspension.
- The package requires Playwright and browser binaries (heavy install); lack of an install spec is an engineering mismatch, so expect manual dependency setup.
- If you do run it, do so in a sandboxed environment or with a throwaway/test account first.
- Do not enable autonomous agent invocation for this skill unless you explicitly want the agent to perform social actions; prefer manual invocation and confirm CLI prompts.
- If you are not comfortable reviewing code, avoid providing this skill access to any real account credentials or cookies; inspect the cookie files periodically and revoke sessions on the platform if unsure.

Low-level notes that may affect trust: the code includes stealth/anti-automation injections and a simplified signing algorithm (the author notes it is not a production reverse-engineered signature), and the repo bundles working code but no install/run instructions. These are signs to review and test before using with important accounts.
