ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RedNote Research

v0.4.0

Research a topic through RedNote/Xiaohongshu discussion signals using either public-web mode (no login) or optional login-enhanced browser review when the us...

0· 155·1 current·1 all-time
byPippin@pippin1214
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (RedNote/Xiaohongshu research) matches the included materials: detailed SKILL.md, query builders, claim-log tools, and many reference templates for evidence handling. There are no unrelated required env vars, binaries, or installs that don't belong to a web-research/analysis skill.
Instruction Scope
Instructions are specific and constrained to public-web searching and an explicit, user-consented 'login-enhanced' browser review. The SKILL.md explicitly forbids asking for passwords in chat and requires the user to complete the login inside the browser session. Note: the skill assumes an agent/platform-provided browser automation environment for the login-enhanced flow — that capability is referenced but not declared as a required binary in metadata (this is a reasonable assumption on many agent platforms, but you should confirm the runtime supports interactive browser sessions).
Install Mechanism
No install spec is provided (instruction-only install), so nothing is downloaded or extracted. The repository includes small utility scripts (query builder, recovery builder, claim-log tools) which are local and readable; they don't perform network calls or hidden downloads in the provided source.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Its optional login flow is explicitly user-driven and does not ask for credentials via chat, which is proportionate for the stated purpose.
Persistence & Privilege
The skill is not marked always:true and has default autonomous invocation allowed (normal for skills). It does not request permanent presence or elevated system privileges, nor does it attempt to modify other skills or system configuration.
Assessment
This skill appears coherent and safe for research tasks: it defaults to public-web searches and only uses a login-enhanced browser path if the user explicitly chooses to log in in a controlled session. Before installing, confirm your agent platform supports interactive/browser automation (the skill expects to open a browser session for user login). Never enter passwords into chat — follow the skill's instructed browser-native login flow. If you plan to run any included scripts, you can inspect them locally first (they are simple, readable utilities) and ensure your runtime won't unexpectedly execute external downloads.

Like a lobster shell, security has layers — review code before you run it.

latestvk979rfnyq01geg9e81165tssa583b3rp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments