Fox Xiaohongshu Publish

v1.0.0

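Xiaohongshu long-form post publishing. Used to publish long-form notes on the web version of the Xiaohongshu Creator Service Platform. Use this skill when the user says "发小红书" ("post to Xiaohongshu"), "发小红书长文" ("post a Xiaohongshu long-form note"), or "写一篇小红书" ("write a Xiaohongshu post").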

by GarfieldQin @qinthqod · fork of @enjoytdl/xiaohongshu-publish (1.0.0)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign, high confidence
Purpose & Capability
The name/description describe publishing long-form Xiaohongshu notes and the SKILL.md gives step-by-step browser interactions to do exactly that. There are no unrelated env vars, binaries, or installs requested. (Minor metadata inconsistency: _meta.json ownerId/slug differ from registry metadata, which looks like copy/paste or packaging noise but doesn't affect runtime behavior.)
Instruction Scope
Instructions are limited to opening the Xiaohongshu creator URL and interacting with page elements (title, body, template, publish). They do not request files, secrets, or external endpoints. Note: the skill assumes a logged-in browser session but does not describe authentication; because it uses the built-in browser, it will operate with whatever Xiaohongshu session/cookies are present, and therefore can publish using the user's account.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is written to disk or downloaded during install.
Credentials
The skill declares no environment variables or credentials, which is proportional. However, its runtime use of the built-in browser gives it access to the user's web session and cookies for Xiaohongshu (implicit credential access). This is expected for a browser-automation publishing skill but is important for users to understand.
Persistence & Privilege
always is false and there are no install-time modifications or requests for broad privileges. The skill can be invoked (normal default), but it is not force-included system-wide.
Scan Findings in Context
[no-findings] expected: The scanner found no code to analyze because this is an instruction-only skill (SKILL.md). That is expected; the security-relevant surface is the instructions that drive the built-in browser.
Assessment
This skill appears coherent and does what it says: it will use the agent's built-in browser to open the Xiaohongshu creator page and interact with the UI to publish a long note. Before using it: 1) ensure you're logged into the correct Xiaohongshu account in the built-in browser (the skill will act with that session's authority); 2) review and confirm content before publishing (there's no credential prompt because it uses existing cookies); 3) be cautious about enabling autonomous invocation if you don't want the agent to publish without explicit confirmation; and 4) note the metadata mismatch in _meta.json (probably benign but worth checking the skill source if you need provenance). If you need publishing that requires explicit authentication steps (e.g., OAuth), request or add those steps to the skill to make behavior clearer.
