ClawHub

Auto Redbook Content

v2.5.2

小红书热点抓取与去AI味改写工具。抓取首页热点→生成去AI味改写提示词→本地存储。

1· 650·1 current·1 all-time
by@shaojie66
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (fetch Xiaohongshu hotspots → generate de-AI prompts → save locally) matches the files and package.json. Required binary (node) and permission (fs:write:output) are appropriate and proportionate.
Instruction Scope
SKILL.md and fetch.js state that actual network fetching is performed by an external 'xiaohongshu MCP' tool provided by the OpenClaw agent environment; the included scripts do not perform network I/O and only generate mock data locally. This is coherent, but it means network access would occur only if the agent invokes the MCP tool or another external tool — review the agent/tool behavior before running.
Install Mechanism
No install spec; instruction-only with small JS scripts. Nothing is downloaded or extracted during install; risk from install mechanism is minimal.
Credentials
No required secrets or credentials. One optional env var (XHS_MAX_RESULTS) controls fetch count. package.json declares only fs:write:output. No disproportionate environment or credential requests.
Persistence & Privilege
always is false, agent invocation is normal. The skill only writes to its own output directory and does not modify other skills or system configuration.
Assessment
This skill appears internally consistent and does not request secrets. Before installing/running, confirm the following: (1) The OpenClaw agent/tool 'xiaohongshu MCP' is trusted — if invoked, it will perform network requests and could send fetched content externally; (2) If you or the agent will send the generated prompts or original content to external LLMs or services, be aware that those prompts include original note content and could leak data; (3) Review agent tool permissions and run the skill in a sandbox if you want to avoid any network activity. If you only run the included scripts locally, they generate mock data and only write JSON to the output/ folder.
scripts/run.js:17
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

automationvk97ekbxcm4tpq7xzf7ze34820x82teh9contentvk97ekbxcm4tpq7xzf7ze34820x82teh9feishuvk97ekbxcm4tpq7xzf7ze34820x82teh9latestvk9782pmd6z84896azsnm1af07582ywxbocrvk97ekbxcm4tpq7xzf7ze34820x82teh9visionvk97ekbxcm4tpq7xzf7ze34820x82teh9xiaohongshuvk97ekbxcm4tpq7xzf7ze34820x82teh9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📕 Clawdis
Binsnode

Comments