Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fox Xiaohongshu Title

v1.0.0

Maximize CTR (Click-Through Rate) by leveraging emotional hooks and platform algorithms.

by GarfieldQin (@qinthqod) · fork of @gxkim/xiaohongshu-title (1.0.0)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, provided example library, templates, and validator.py are all consistent with a title-generation tool for Xiaohongshu. However, provenance metadata is inconsistent (registry ownerId != _meta.json ownerId) and SKILL.md claims '200+ real high-performing title examples' while examples.md in the package is truncated; source/homepage are missing. These inconsistencies reduce trust in origin but do not contradict the skill's stated function.
Instruction Scope
SKILL.md explicitly restricts operations to local files (examples.md, references.md, validator.py) and generating/filtering titles. It does not instruct reading other system files, environment variables, or sending data to external endpoints. The subjective instruction to 'discard titles that feel AI-generated' is heuristic but within the skill's scope.
Install Mechanism
No install spec (instruction-only) and only a small local validator.py file are included. Nothing is downloaded or written to disk beyond normal skill files, so install risk is low.
Credentials
The skill requests no environment variables, no credentials, and references no external services. All required assets are local to the skill bundle, so credential access is proportional to purpose.
Persistence & Privilege
Skill is not forced-always, is user-invocable, and does not request persistent/global privileges or modify other skills. Model invocation is allowed (platform default) but combined with no network/credential access the blast radius is limited.
What to consider before installing
This skill appears to do what it says (generate high-CTR Xiaohongshu titles) and does not request credentials or network access, but you should:
1) Verify provenance — ownerId mismatch and missing homepage mean the source is unclear; prefer skills with verifiable authorship.
2) Review examples.md contents for copyright or scraped-content issues before using in production.
3) Test outputs for compliance with local advertising and platform rules (validator enforces some bans but may not cover everything).
4) Manually review generated titles for legal/ethical problems (health claims, defamation, sensitive content) before posting.
If provenance or licensing is important, ask the publisher for origin details or choose a skill with a verifiable homepage/owner.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a60k9y2t44e3zd9asxkq64x83wpbk

Runtime requirements

📺 Clawdis
