Xiaohongshu Post
v1.1.0在小红书创作服务平台发布图文帖子。包括: (1) 从本地桌面跨权限上传图片到小红书, (2) 填写标题和正文, (3) 发布帖子。当用户要求发布小红书帖子、上传图片到小红书、或需要在小红书发图文时使用此skill。
⭐ 0· 2.1k·12 current·13 all-time
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Stated purpose (publish a Xiaohongshu post including uploading local images) reasonably requires browser automation and access to local image files. However, the skill metadata declares no config paths, credentials, or required permissions while the instructions assume filesystem and browser-profile access.
Instruction Scope
SKILL.md explicitly instructs running PowerShell to enumerate the user's Desktop, copying files into a temporary directory, and then invoking an upload action using absolute local paths. These instructions access user files and require execution of system commands and control of a browser session — actions outside the metadata's declared scope and potentially privacy-invasive.
Install Mechanism
No install spec or code files are present (instruction-only). That reduces filesystem persistence risk, but means the instructions are the full runtime surface to evaluate.
Credentials
The skill uses environment information (e.g., $env:USERPROFILE) and expects access to a Chrome profile and local filesystem, yet declares no required environment variables, config paths, or primary credential. Requiring broad local access without declaring it is disproportionate and ambiguous.
Persistence & Privilege
always is false and there is no install; the skill does not request permanent presence or elevated platform privileges in the manifest.
What to consider before installing
This skill asks the agent to search your Desktop, copy images into a temporary folder, and use your Chrome profile session to upload them. That behavior is plausible for posting images but is privacy-sensitive and isn’t declared in the skill metadata. Before installing or using it, confirm you trust the skill author and that the agent runtime will prompt you before running PowerShell or accessing files. Prefer a version that: (1) asks you to select specific files rather than scanning the whole Desktop, (2) declares required local paths/permissions, or (3) uses an explicit file-pick UI so you can control exactly which files are exposed. If you cannot verify those controls, avoid installing or only run it in a tightly sandboxed environment where it cannot access your real home directory or browser profiles.Like a lobster shell, security has layers — review code before you run it.
latest
小红书发帖Skill
使用前提
确保用户已登录小红书创作服务平台 (https://creator.xiaohongshu.com)。
完整发布流程
步骤1: 打开发布页面
URL: https://creator.xiaohongshu.com/publish/publish?source=official
步骤2: 处理图片上传(关键 - 跨权限)
浏览器无法直接访问用户桌面文件,需要中转:
- 扫描桌面找图片
Get-ChildItem -Path $env:USERPROFILE\Desktop | Select-Object Name
- 复制到允许的目录
# 假设图片名为 xxx.png
New-Item -ItemType Directory -Path '\tmp\openclaw\uploads' -Force
Copy-Item -Path (Join-Path $env:USERPROFILE 'Desktop\xxx.png') -Destination '\tmp\openclaw\uploads\' -Force
-
上传到小红书(关键步骤)
流程A: 首次上传
- 点击「上传图文」切换到图文模式 (ref=e109)
- 点击「上传图片」按钮 (ref=e128)
- 立即调用 upload 命令(无延迟):
{ "action": "upload", "paths": ["C:\\tmp\\openclaw\\uploads\\xxx.png"] "profile": "chrome" }流程B: 继续上传多张图片
- 每上传一张后,页面会显示"1/18"等计数
- 点击图片区域的加号按钮继续添加 (ref=e179)
- 再次调用 upload 上传下一张图片
步骤3: 填写内容
- 填写标题 - 定位标题输入框 (ref=e192),type 输入标题文字
- 填写正文 - 定位正文输入框 (ref=e201),type 输入正文内容
步骤4: 发布
- 点击「发布」按钮 (ref=e480)
- 页面显示"发布成功"即完成
关键技术点
- upload必须在点击上传按钮后立即调用,中间不能有延迟,否则file input会丢失
- 每次上传一张图片后需要重新点击加号按钮才能继续上传下一张
- 浏览器控制服务可能不稳定,如果遇到timeout需要重新连接Chrome relay
- 使用profile=chrome而不是openclaw,因为用户已登录的会话在chrome profile中
常见问题
- 页面显示账号异常: 需要用户在手机端或网页端完成实名认证/绑定手机
- 上传后页面刷新: 可能触发了某些限制,尝试重新填写并发布
- Choose File按钮无法点击: 尝试用JavaScript evaluate方式触发,或等待页面加载完成后重试
- upload上传不成功: 一定要先点击「上传图片」按钮,立即再调用 upload(中间不要有延迟)
- 发布后页面刷新数据丢失: 小红书平台限制,点击发布后页面会刷新,可尝试先保存草稿再手动发布
- 浏览器控制服务超时: 需要用户重新点击Chrome扩展图标连接relay
Comments
Loading comments...