Back to skill
Skillv1.2.0
VirusTotal security
Baoyu Post To Xhs · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 9, 2026, 2:21 AM
- Hash
- da673da78e995902e54ff5e5ab597e9d1d772760c110024f123937ce31682c40
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: baoyu-post-to-xhs Version: 1.2.0 The skill bundle is a legitimate automation tool for posting image-text notes to Xiaohongshu (XHS) via Chrome CDP. The core logic in `xhs-browser.ts` and the supporting library in `scripts/vendor/baoyu-chrome-cdp/` focus on browser manipulation, such as navigating to the creator platform, handling logins, uploading images, and filling form fields. While the scripts use system commands like `ps aux` and `pkill` to manage Chrome instances and access local configuration files (e.g., `EXTEND.md`), these actions are well-documented and strictly aligned with the stated purpose of bypassing anti-bot detection for social media automation. No evidence of data exfiltration, unauthorized credential access, or malicious persistence was found.
- External report
- View on VirusTotal