Xiaohongshu Automation

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.

Use this skill only if you intentionally want Xiaohongshu automation. Prefer preview and dry-run modes, protect the saved cookie and Chrome-profile files, and remember that image/copywriting prompts may be sent to your configured AI providers. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent will run local scripts on your machine to log in, scrape, generate content, and publish posts.

Why it was flagged

The skill requires local command execution through uv/exec for all operations. This is central to the design, but it gives the agent command-execution authority for a social-media automation workflow.

Skill content

All Xiaohongshu operations must be executed with the exec tool using the following commands; do not use the browser tool to open web pages.

Recommendation

Install only if you are comfortable with this skill running local uv commands, and review commands before allowing publishing actions.

What this means

If auto mode is used, generated content may be posted to your Xiaohongshu account without an additional preview step.

Why it was flagged

The skill discloses an auto mode that can publish directly to Xiaohongshu. This matches the stated purpose, but direct publishing is a high-impact action.

Skill content

Fully automatic pipeline... trending topics → topic selection → generation → preview/publish. --mode auto publishes directly.

Recommendation

Use preview or dry-run mode unless you intentionally want fully automatic posting, and verify generated titles, text, images, and topics before publishing.

What this means

Anyone or anything with access to the saved cookie file may be able to use your Xiaohongshu session.

Why it was flagged

The login script saves Xiaohongshu browser cookies to a local credentials file so later scripts can act as the logged-in user.

Skill content

cookies = driver.get_cookies() ... Path(cookies_file).write_text(json.dumps(data, ensure_ascii=False, indent=2))

Recommendation

Keep ~/.openclaw/credentials/xhs_cookies.json and the Chrome profile private, and remove them if you uninstall or stop using the skill.

What this means

Installing the skill may download and install Python packages into the skill environment.

Why it was flagged

The installer pulls Python dependencies through uv and installs extra packages. This is normal for a Python automation skill, but it means installation depends on package-manager supply chain integrity.

Skill content

uv sync ... uv pip install jieba Pillow

Recommendation

Install from a trusted source, review dependency files when possible, and keep uv/package sources up to date.

What this means

Saved trending or generated data can influence later content-generation and publishing decisions.

Why it was flagged

The skill stores and reuses trending data and publish logs under a persistent data directory to select topics and avoid duplicates.

Skill content

published_dir = get_data_dir() / "published" ... trending_dir = get_data_dir() / "trending"

Recommendation

Periodically review or clear the skill data directory if you do not want old scraped/generated data reused.

What this means

Topics and prompt context used for copywriting are sent through your local OpenClaw gateway and may then be processed by the configured model provider.

Why it was flagged

The skill sends copywriting prompts to a local OpenClaw Gateway endpoint, optionally using a gateway token.

Skill content

gateway_url = f"http://127.0.0.1:{gateway_port}/v1/chat/completions" ... headers["Authorization"] = f"Bearer {gateway_token}"

Recommendation

Do not include sensitive private information in topics or prompts unless you are comfortable sending it through the configured gateway/model path.