Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xhs Cover Skill

v3.0.0

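Generates Xiaohongshu-style cover images. Use cases: (1) the user asks to generate a Xiaohongshu cover (2) the user asks to generate a social media cover image (3) the user generates an illustration for a note/article (4) the user asks about credit balance or generation history. First use automatically guides the user through registration.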

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xwchris/xhs-cover-skill.

Prompt Preview: Install & Setup
Install the skill "Xhs Cover Skill" (xwchris/xhs-cover-skill) from ClawHub.
Skill page: https://clawhub.ai/xwchris/xhs-cover-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install xhs-cover-skill

ClawHub CLI

npx clawhub@latest install xhs-cover-skill
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name, description, and runtime instructions all describe invoking the xhscover CLI to generate Xiaohongshu-style covers. Requiring npx (to run the npm CLI package) and calling api.xhscover.cn are coherent with that purpose.
Instruction Scope
SKILL.md directs the agent to run 'npx xhscover' commands (generate, balance, history, setup). It explicitly states the API key and cover text will be sent to api.xhscover.cn — this is within scope for a cloud-based image-generation CLI but is important privacy-relevant behavior the user should be aware of.
Install Mechanism
No install spec; skill is instruction-only and includes a small wrapper script that execs 'npx xhscover'. That is low-risk from the skill bundle perspective. Note: npx will fetch/execute code from the npm registry at runtime (normal for npm CLIs).
Credentials
The skill declares no required env vars and no unusual config paths. The README/SKILL.md indicate the CLI will register and store an API Key in ~/.xhscover and will transmit that key and user-provided text to the service — this is proportionate to the stated functionality but is sensitive and worth user attention.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It does not modify other skills or system-wide configs (aside from the CLI's own storage of an API Key, which is expected).
Assessment
This skill is coherent: it runs the xhscover npm CLI via npx and sends your API Key and the cover text to api.xhscover.cn for generation. Before installing or using it, confirm you trust the xhscover service and the npm package (review the package source on GitHub and npm). Be aware that: (1) the CLI will store an API Key locally (README says ~/.xhscover); (2) any text you provide will be transmitted to the remote service; (3) npx will fetch and execute code from npm at runtime, which can run arbitrary install/runtime scripts — review the npm package source or use an isolated environment if you have concerns. If the data you plan to send is sensitive, avoid using this skill or create a limited/test API key. If you want stronger assurance, inspect the upstream xhscover-cli repository code and the privacy policy of xhscover.cn before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk978m994g47qqehrwm37b5xz0184g1kj
2.3k downloads
1 star
3 versions
Updated 9h ago
v3.0.0
MIT-0

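Xiaohongshu Cover Generator

Generates Xiaohongshu-style cover images via npx xhscover. First use automatically guides you through registration; cross-platform support.

Note: this skill needs to send your API Key and cover text to the xhscover.cn service. Make sure you trust that service before using it.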

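Requirements

  • Node.js >= 18 (for npx)

First use

If no API Key is configured, run the following command to register and configure one automatically:

npx xhscover setup

Registration grants 10 free credits.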

Quick start

# Generate a cover (default 3:4 portrait)
npx xhscover generate "5个习惯让你越来越自律"

# Specify the aspect ratio
npx xhscover generate "今日份好心情" 1:1

# Check balance
npx xhscover balance

# View history
npx xhscover history

Aspect ratio options

Ratio   Description
3:4     Xiaohongshu standard portrait (default)
9:16    Extra-tall portrait
1:1     Square
16:9    Landscape

Data flow

This skill calls the api.xhscover.cn REST API via npx xhscover, sending the cover text and API Key to the server for processing.
