ClawHub

Xiaohongshu Video Finder

v1.0.1

Find fresh, viral Xiaohongshu videos by niche with filters for type, date, and popularity, and extract URLs with valid xsec_token for repurposing.

0· 571·1 current·1 all-time
byTravis Li@travislius
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: the skill uses a managed browser to search Xiaohongshu, apply filters, pick videos, and extract URLs containing xsec_token. It does not request unrelated binaries, env vars, or installs.
Instruction Scope
SKILL.md explicitly instructs the managed browser to log in (QR scan), search, apply filters, open videos, and copy full URLs including the xsec_token. This is within the stated purpose but involves extracting session/token data from a logged-in session and copying links to the clipboard — actions that are sensitive and should be limited to intended workflows.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install surface. Nothing is downloaded or written to disk by the skill package itself.
Credentials
No environment variables, credentials, or config paths are requested. The instructions do rely on an authenticated managed browser session, which is necessary for the described functionality.
Persistence & Privilege
always:false and no install means the skill does not request elevated persistence. However, because it expects to operate in a logged-in managed browser, allowing autonomous invocation could let the agent use that session to perform actions or extract tokens; consider limiting autonomous runs or ensuring the managed browser session is appropriately scoped.
Assessment
This skill appears to do what it says: automate a logged-in browser to find Xiaohongshu videos and grab URLs that include xsec_token. Before installing, confirm you trust the skill source (no homepage provided), avoid long-lived/multi-purpose logins in the managed browser while the skill is enabled, and consider disabling autonomous invocation or testing in a sandbox. Be aware that xsec_token values are session-linked and can enable downstream download tools — only extract/share them if you have the right to repurpose the content and it complies with service terms and copyright.

Like a lobster shell, security has layers — review code before you run it.

latestvk9798hcyhawfv3whh7jabxhayh81ymwm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments