v1.0.0

Xiaohongshu Auto-Publish (macOS)

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:12 AM.

Analysis

This skill is not overtly malicious, but it can use your logged-in Xiaohongshu browser session to publish public posts without a clear final approval step.

Guidance: Review carefully before installing. Only use it if you are comfortable giving the agent the ability to operate your Xiaohongshu account, and require a manual review of the image, title, body text, account, and final publish action before anything goes public.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
SKILL.md
Upload the image to the publish page via browser.upload ... fill in the title and body using act+type ... click the publish button to complete publishing

The skill tells the agent to use browser automation to upload content and click the final publish button on a public social platform, without requiring a separate user confirmation.

User impact: The agent could publish content publicly from the user's Xiaohongshu account, which may affect reputation, compliance, or platform standing.
Recommendation: Require an explicit final preview and user approval before clicking publish, and clearly limit which account, topic, images, and text may be posted.

Human-Agent Trust Exploitation
Severity: Low; Confidence: High; Status: Note
publish.py
urls = [
        f"https://picsum.photos/800/1000",
    ] ... print(f"\n[4/4] 请在浏览器中完成以下操作:")

The helper downloads a generic random image and prints manual browser steps, which does not fully match the SKILL.md claim of keyword image search and one-click automatic publishing.

User impact: Users may overestimate how accurately the skill searches for images or how automated the included helper code is.
Recommendation: Preview the selected image and generated post content before publishing, and document the helper's actual behavior accurately.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
Use the OpenClaw built-in browser (profile="openclaw") ... the first use requires scanning a QR code to log in to Xiaohongshu

The skill depends on a logged-in browser profile/session to act as the user, but the registry declares no primary credential or required configuration.

User impact: Installing or using the skill effectively grants it access to act through the user's logged-in Xiaohongshu session.
Recommendation: Declare the Xiaohongshu/browser-session requirement clearly, use a dedicated browser profile or account where possible, and avoid letting the agent act on an existing personal session without confirmation.