Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Xiaohongshu Assistant Operator
v0.1.0Automates daily Xiaohongshu content creation, publishing, marketing, and engagement for creator ID 4740535877 with strict persona and promotion controls.
⭐ 0· 777·5 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name and description match the instructions (operating a single creator account end-to-end). However, the workflow requires account-level access (reading creator notes, submitting posts, checking the creator management page) but the skill declares no credentials, auth method, or config paths. That mismatch (wanting to perform privileged platform actions while requesting no auth) is incoherent.
Instruction Scope
SKILL.md explicitly instructs the agent to read the last 5 creator notes, submit posts (image-text mode), navigate the creator management page to validate posts, and run scheduled comment interactions. These are concrete I/O actions against an external platform but the instructions do not specify how to authenticate, what endpoints or UI automation to use, nor do they provide or include the referenced publish_strict.py script. The open-ended 'scan industry trends' step is also vague about allowed external endpoints. Overall the runtime instructions exceed what an instruction-only skill has declared.
Install Mechanism
There is no install spec and no code files beyond plain text references. That minimizes install-time risk, but also means the skill depends on the agent's existing environment (browsers, sessions, or external connectors) which is not described.
Credentials
The skill performs actions that normally require authentication tokens or browser sessions (publish, management-list checks, reading private creator notes) but declares no required environment variables or credentials. This is disproportionate: either the skill assumes implicit access to the user's Xiaohongshu account (not declared) or the SKILL.md is incomplete. Either case is a red flag.
Persistence & Privilege
always is false (normal) and autonomous invocation is allowed (platform default). Autonomous operation plus the ability to publish content increases potential impact if credentials are later supplied, but autonomy alone is not unusual — the main concern is the missing authentication/operation details combined with autonomous publishing capability.
What to consider before installing
Do not install or provide account credentials to this skill until the author clarifies how it will authenticate and execute publishing. Ask the publisher these specific questions: (1) How does the skill authenticate to Xiaohongshu? (environment variables, OAuth, stored browser session, or external service?), (2) What credentials or tokens are required and what minimal scopes/permissions are needed? (3) Where is publish_strict.py (SKILL.md references it but it isn't included)? (4) Will the skill store any credentials persistently and where? (5) Can you run the skill in a sandbox/test account first? If you must test, use a throwaway creator account with limited permissions and prefer manual-trigger mode only. Finally, confirm that automated publishing complies with Xiaohongshu's terms of service and that you trust the skill owner before granting any authentication material.Like a lobster shell, security has layers — review code before you run it.
latestvk97fwg4ejdrzfesyt2x9n6q7kx820q5f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.