rockingland-trader-monitor
Pass. Audited by VirusTotal on May 1, 2026.
Overview
Type: OpenClaw Skill
Name: rockingland-trader-monitor
Version: 1.0.0
The skill monitors Xiaohongshu posts for keywords and sends WeChat notifications. It involves high-risk but purpose-aligned behaviors: it handles sensitive browser cookies (synced in `start-mcp.sh`), executes shell scripts that manage background processes and virtual displays, and requires the manual installation of external binaries from GitHub (xpzouying/xiaohongshu-mcp). These capabilities fit the stated purpose of monitoring a platform with anti-bot protections, but the handling of session tokens and the reliance on unverified external artifacts warrant a suspicious classification under the provided criteria.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the downloaded binary is replaced, compromised, or not the intended version, it could access the user's Xiaohongshu session and perform account actions.
The skill instructs users to install executable binaries from an external release page, but the artifacts provide no pinned version, checksum, signature, or install-spec declaration. Those binaries will handle the user's Xiaohongshu session.
Download the file for your platform from GitHub Releases: https://github.com/xpzouying/xiaohongshu-mcp/releases ... mv xiaohongshu-mcp-linux-amd64 ~/.local/bin/xiaohongshu-mcp ... chmod +x ~/.local/bin/xiaohongshu-*
Pin a specific release, publish checksums or signatures, declare the dependency in metadata/install specs, and only run binaries from a source the user has verified.
A user or agent invoking the generic helper could perform Xiaohongshu account actions beyond monitoring, such as publishing content or interacting with posts.
The helper exposes account-mutating and publishing tools even though the stated monitor only needs to fetch a user profile and read recent posts.
post_comment_to_feed - post a comment ... like_feed - like ... favorite_feed - favorite ... delete_cookies - delete cookies ... publish_content - publish an image/text post ... publish_with_video - publish a video
Restrict the skill-facing helper to the minimum read-only tools needed for monitoring, or require explicit user confirmation before any comment, like, favorite, delete-cookie, or publish action.
Anyone who can read or misuse those cookies may be able to act as the logged-in Xiaohongshu account.
The skill clearly discloses that it needs exported logged-in Xiaohongshu browser cookies. This is purpose-aligned, but it is sensitive account-session access.
Export the browser cookies of a logged-in Xiaohongshu session as a JSON array and save them to `cookies.json` ... `a1` ... `web_session`
Use a dedicated low-risk account if possible, keep cookies readable only by the current user, rotate/revoke them if exposed, and avoid storing unrelated browser cookies in the same file.
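The two recommendations above (pin and verify the downloaded binary; keep the cookie file readable only by the current user) can be enforced in a small wrapper before `start-mcp.sh` is ever run. The script below is an added example and is not part of the skill or of xiaohongshu-mcp; the release tag and SHA-256 value are placeholders you must replace with a digest obtained and verified out of band, and the function names are the example's own.

```bash
#!/usr/bin/env bash
# Added example (not the skill's own code): install a pinned xiaohongshu-mcp
# release only if its SHA-256 matches a digest verified out of band, and
# lock down the exported cookies.json so only the current user can read it.
set -eu

# Assumed values: pin a concrete release tag and record the digest you
# verified from a trusted channel. Both are placeholders here.
XHS_MCP_VERSION="${XHS_MCP_VERSION:-vX.Y.Z}"
XHS_MCP_SHA256="${XHS_MCP_SHA256:-}"
ASSET="xiaohongshu-mcp-linux-amd64"
RELEASE_URL="https://github.com/xpzouying/xiaohongshu-mcp/releases/download/${XHS_MCP_VERSION}/${ASSET}"

# sha256_of FILE -> prints the hex SHA-256 digest (sha256sum or shasum fallback)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_digest FILE EXPECTED -> returns 0 only if the file's digest matches
verify_digest() {
  local actual
  actual="$(sha256_of "$1")"
  [ "$actual" = "$2" ]
}

# install_pinned_binary DEST_DIR -> downloads the pinned asset to a temp file,
# refuses to install on any mismatch, then installs it with mode 0755.
install_pinned_binary() {
  local dest_dir="$1" tmp
  if [ -z "$XHS_MCP_SHA256" ]; then
    echo "XHS_MCP_SHA256 is not set; refusing to install an unverified binary" >&2
    return 1
  fi
  tmp="$(mktemp)"
  curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$RELEASE_URL"
  if ! verify_digest "$tmp" "$XHS_MCP_SHA256"; then
    echo "digest mismatch for ${ASSET} ${XHS_MCP_VERSION}; not installing" >&2
    rm -f "$tmp"
    return 1
  fi
  install -m 0755 "$tmp" "${dest_dir}/xiaohongshu-mcp"
  rm -f "$tmp"
}

# lock_down_cookies FILE -> chmod 600 and confirm no group/world read bits remain
lock_down_cookies() {
  local mode
  chmod 600 "$1"
  mode="$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")"
  [ "$mode" = "600" ]
}

# Typical use (commented out so the file can be sourced for its functions):
# install_pinned_binary "$HOME/.local/bin"
# lock_down_cookies "$HOME/.config/xiaohongshu-mcp/cookies.json"
```

A digest pinned in the wrapper is only as trustworthy as the channel it was copied from; if the project later publishes signed checksums, verify the signature once and then pin the digest from the verified file.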
While the service is running, local clients that can reach the MCP endpoint may be able to use the session-backed Xiaohongshu tools.
The skill starts a local MCP service that operates with the user's Xiaohongshu session. The artifacts show a local endpoint but no authentication or other access control for that MCP service. Note that a bare `:${PORT}` listen address typically means all interfaces rather than loopback only, so the `localhost` in the documented endpoint URL does not by itself show that the service is unreachable from the network.
nohup "$XHS_MCP" -port ":${PORT}" > "$LOG_FILE" 2>&1 & ... Endpoint: http://localhost:${PORT}/mcp
Keep the MCP endpoint bound to localhost, stop it when not in use, and avoid running this on shared machines unless the service is authenticated or otherwise isolated.
The monitor may continue using cookies and sending WeChat notifications on the configured schedule until the cron job is removed.
The skill documents a user-configured cron job for periodic monitoring. That persistence is expected for alerts, but it means the check can keep running after initial setup.
Configure a scheduled task ... 5 8,12,16,20 * * * /usr/bin/python3 /path/to/xiaohongshu-trader-monitor/scripts/xhs_trader_monitor.py
Only enable the schedule after testing, document where the cron entry is installed, and remove it when monitoring is no longer needed.
