Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xhs Autopilot

v1.0.1

Red (Xiaohongshu) Full-Autonomous AI-Native Workflow Alchemy System. 30-min operation loop with self-improvement.

by 崔之行 (@changer-changer)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The SKILL.md describes a Xiaohongshu full‑autonomous workflow and references many local scripts (scripts/*) and memory directories (xhs-memory/). That capability (automated publishing using an existing logged‑in Chrome) is internally coherent with the described purpose. However, the skill bundle does NOT include the referenced scripts or an install spec that would provide them. Expecting to run scripts that are absent is an incoherence: the skill assumes a larger codebase and local state that are not provided by this package, which could lead the agent to search, download, or execute unexpected code.
[!] Instruction Scope
The runtime instructions direct the agent to access local files and directories (xhs-memory/, workspace/MEMORY.md, performance_data/), connect to a local Chrome CDP on localhost:9222 (to inherit user's login/session), take screenshots, scrape likes/comments, spawn sub-agents, and run/execute local scripts (python3 scripts/autopilot/run.sh, etc.). These actions access sensitive local state (browser cookies, logged-in session) and could autonomously publish content. Those actions are relevant to the stated purpose but are broad and invasive for an instruction-only skill with no embedded code or provenance.
Install Mechanism
There is no install specification (instruction-only skill), so nothing is written or downloaded by the skill bundle itself. This is low risk from an install vector perspective, but it means the agent will attempt to run local scripts or rely on the user's environment to provide missing components.
[!] Credentials
The skill declares no required env vars, but the instructions implicitly require: an accessible Chrome CDP at localhost:9222, an active Xiaohongshu login in that browser, and writable local memory directories. Access to a user's browser session and local files is sensitive and should be explicitly declared — the omission reduces transparency and is disproportionate without clear provenance or included scripts.
Persistence & Privilege
always:false (default) and model invocation is allowed (default). The skill describes an autonomous 30‑minute loop and persistent memory files under xhs-memory/; while it does not force inclusion via always:true, autonomous operation combined with access to a logged-in browser/session increases the practical blast radius. The skill does not request system-wide config changes or other skills' credentials.
What to consider before installing
This skill is functionally coherent for automating Xiaohongshu activity, but it has several red flags: (1) the package does NOT include the scripts it tells the agent to run — ask the author or expect the agent to look elsewhere for code, which is risky; (2) it relies on connecting to your local Chrome CDP (localhost:9222) to inherit login state — that gives the agent the ability to act as you on Xiaohongshu; (3) it will read and write local memory directories and may publish automatically every 30 minutes. Before installing or enabling this skill: review and obtain the actual scripts the skill expects; run it only in an isolated environment or a dedicated browser profile with no sensitive accounts logged in; disable autonomous invocation if you want manual control; back up your workspace and avoid giving it access to your primary browser profile; and only proceed if you trust the skill's author/source and have inspected any referenced scripts. If you can't get the referenced scripts or provenance, treat the skill as high risk and avoid enabling autonomous execution.

Like a lobster shell, security has layers — review code before you run it.
