Skill v1.0.0

ClawScan security

rednote(xiaohongshu,xhs) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 26, 2026, 12:16 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, runtime instructions, and requirements are consistent with its stated purpose (browser-based automation for Xiaohongshu) and do not request unrelated credentials or hidden network sinks.
Guidance
This skill appears to do what it claims: automated browser interactions with Xiaohongshu. Before installing or running it: (1) review the included Python scripts yourself or run them in an isolated environment (VM or container); (2) be aware the scripts will save your login cookies to rednote_cookies.json — treat that file like a credential (store it securely or use a throwaway account); (3) automated actions (likes, comments, publishes) will run as your account and may violate platform terms — proceed with caution; (4) ensure you trust the source before installing Playwright and running arbitrary scripts; (5) if you want stronger safety, modify scripts to run headless-only or add confirmation prompts before performing write actions.

Review Dimensions

Purpose & Capability
ok: The name/description match the delivered artifacts: multiple Playwright scripts for searching, extracting, liking, commenting, following, collecting, publishing, validating and creating cookies for Xiaohongshu. No unrelated capabilities (cloud APIs, AWS creds, etc.) are requested.
Instruction Scope
note: SKILL.md instructs the user to run the included Playwright scripts, which launch browsers, perform site navigation, and save/load cookies from rednote_cookies.json. The dump script extracts data from the page's JavaScript state (window.__INITIAL_STATE__), including metadata such as IP location if present. The instructions do not reference other system files, environment variables, or external endpoints beyond xiaohongshu.com, but users should note that the skill automates interactive actions (likes/comments/publish) and will act on the user's logged-in account.
Install Mechanism
ok: No registry install spec is provided (instruction-only). The SKILL.md asks the user to install Playwright via pip and run playwright install — a conventional requirement for Playwright-based scripts. There are no downloads from unknown URLs or extracted archives in the registry metadata.
Credentials
note: The skill requests no environment variables or external credentials, which is appropriate. However, it requires and writes a local storage_state file (rednote_cookies.json) containing auth tokens/cookies — these are effectively credentials and should be protected. The number and type of required artifacts are proportionate to a browser-automation integration.
Persistence & Privilege
ok: The skill is not forced-always and does not modify other skills or global agent settings. Its only persistent artifact is the local cookies file. It does not request elevated system privileges.