Skill v2.5.2
ClawScan security
Auto Redbook Content · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 3:59 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are consistent with its description: it generates rewrite prompts from fetched Xiaohongshu notes and writes JSON to an output folder, and it does not request secrets or perform direct network calls itself.
- Guidance: This skill appears internally consistent and does not request secrets. Before installing/running, confirm the following: (1) The OpenClaw agent/tool 'xiaohongshu MCP' is trusted — if invoked, it will perform network requests and could send fetched content externally; (2) If you or the agent will send the generated prompts or original content to external LLMs or services, be aware that those prompts include original note content and could leak data; (3) Review agent tool permissions and run the skill in a sandbox if you want to avoid any network activity. If you only run the included scripts locally, they generate mock data and only write JSON to the output/ folder.
Review Dimensions
- Purpose & Capability (ok): Name/description (fetch Xiaohongshu hotspots → generate de-AI prompts → save locally) matches the files and package.json. Required binary (node) and permission (fs:write:output) are appropriate and proportionate.
- Instruction Scope (note): SKILL.md and fetch.js state that actual network fetching is performed by an external 'xiaohongshu MCP' tool provided by the OpenClaw agent environment; the included scripts do not perform network I/O and only generate mock data locally. This is coherent, but it means network access would occur only if the agent invokes the MCP tool or another external tool — review the agent/tool behavior before running.
- Install Mechanism (ok): No install spec; instruction-only with small JS scripts. Nothing is downloaded or extracted during install; risk from install mechanism is minimal.
- Credentials (ok): No required secrets or credentials. One optional env var (XHS_MAX_RESULTS) controls fetch count. package.json declares only fs:write:output. No disproportionate environment or credential requests.
- Persistence & Privilege (ok): always is false, agent invocation is normal. The skill only writes to its own output directory and does not modify other skills or system configuration.
