ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

小红书自动发布工具包 (Xiaohongshu Publish Kit)

v1.2.0

Complete toolkit for publishing content to Xiaohongshu (小红书). Includes automated browser control, image generation, content formatting, and full publishing p...

0· 119·0 current·0 all-time
by@siaslfs
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (Xiaohongshu publishing) matches the scripts provided: browser automation, cover generation, content formatting and publishing. However the package relies heavily on an OpenClaw/browser CLI (scripts call 'browser' or 'openclaw browser' extensively), yet the registry metadata only lists python3 as a required binary and declares no required config paths. That mismatch (implicit requirement for openclaw/browser and access to browser profiles) is unexpected and should have been declared.
!
Instruction Scope
Runtime instructions and scripts perform browser automation as described, but they also read and write browser user-data (Path.home()/'.openclaw/browser/openclaw/user-data'), create backups in /tmp, and offer automated restore. Those operations access sensitive session data (cookies, tokens) which is coherent with keeping login persistent but is sensitive and not declared. Several subprocess.run calls use shell=True with commands constructed from string interpolation (e.g., cover generation and example runner), which introduces command-injection risk if untrusted inputs are passed. The SKILL.md and scripts also advise adding crontab or running a daemon for periodic keepalive — that gives the code long-lived execution on the host if the user enables it.
Install Mechanism
This is instruction- and script-based (no install spec). That is the lowest install risk category. No remote download URLs or package installers are supplied by the skill itself.
!
Credentials
The skill declares no required env vars or config paths, but the scripts implicitly access and modify user configuration and data paths (e.g., ~/.openclaw/browser/openclaw/user-data, /tmp/xiaohongshu_session_backup). Copying and restoring that directory gives access to browser session cookies and other sensitive data. The lack of explicit declaration of those config path requirements is an inconsistency. No external API keys are requested.
Persistence & Privilege
The skill itself is not forced always: true and does not autonomously enable persistence. However the included setup script offers to add a crontab entry or run a daemon (login_keeper) which, if the user consents, will give persistent, periodic execution and repeated access to the user's browser profile. This persistent behavior is user-driven (not automatic) but is powerful and should be enabled only after review.
What to consider before installing
What to consider before installing or enabling this skill: - Verify OpenClaw/browser availability: The code expects a browser CLI (openclaw / browser) though the registry only lists python3. Do not install or run until you confirm you have a trusted OpenClaw/browser binary and understand what it controls. - Session data is accessed and backed up: login_keeper.py and publish.py copy your browser user-data (~/.openclaw/browser/openclaw/user-data) to /tmp/xiaohongshu_session_backup and can restore it. That directory contains cookies and authentication data; treat it as sensitive. If you enable backups, secure or delete backups when not needed. - Persistent operation is optional but powerful: setup_keepalive.sh can add a crontab or run a daemon that periodically drives your browser and backups. Only enable this if you trust the code and accept long-lived automation operating on your account. - Command injection / shell usage: The scripts run subprocesses with shell=True and interpolate strings into shell commands (e.g., cover generation and example runner). If you ever pass untrusted input into titles, content, file paths, or other arguments, it could be abused. Consider hardening code (avoid shell=True, use list args) or sanitize inputs before use. - Review and test locally / sandboxed: Inspect scripts (especially login_keeper.py, publish.py, cover_generator.py, setup_keepalive.sh). Run them in an isolated environment or VM with a throwaway browser profile to confirm behavior before using them with your real account. - Least privilege and file permissions: Do not run as root. Restrict access to /tmp backups (chmod) if you enable backups. Manually inspect and remove any backup files after testing. - Notifications and extensions: The code has placeholder hooks for sending notifications to external services; do not wire any remote endpoints (Telegram, email, webhooks) until you audit any code you add. If you want, I can point out the exact lines/functions that perform session copying, subprocess shell execution, and crontab modification so you can review them more quickly.

Like a lobster shell, security has layers — review code before you run it.

latestvk975777gwfxht553pkq7bzs4zd832bxg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📕 Clawdis
Binspython3

Comments