Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Xiaohongshu automation) matches the content of SKILL.md: instructions for logging in, publishing posts, batch operations, and analytics. The declared manifest contains only SKILL.md and documentation, and there are no unexpected environment variables, binaries, or external services required beyond the website (xiaohongshu) and optional browser tooling.
Instruction Scope
The runtime instructions ask the user to perform browser-based login and save a session file (cookies) under the skill workspace, install selenium/webdriver-manager if needed, and optionally install an 'OpenClaw Browser Relay' extension. These behaviors are expected for browser automation but do require storing sensitive session data (session.json, browser profile). The SKILL.md references absolute paths under /root/.openclaw which are templates and may be inappropriate if run as a non-root user; otherwise the instructions do not request access to unrelated system files or network endpoints beyond xiaohongshu, the Chrome Web Store, and the local OpenClaw browser.
Install Mechanism
There is no install spec or packaged code to download — the skill is instruction-only (lowest install risk). The only install activity suggested is user-run: pip install selenium webdriver-manager and installing a Chrome extension from the Chrome Web Store; these are normal for browser automation but are initiated by the user, not automatically fetched by the skill.
Credentials
The skill declares no required environment variables or primary credential. It does instruct storing a session file and a browser profile in the workspace, which is necessary for cookie-based automation; this is proportionate to the stated purpose but carries the usual sensitivity around stored session cookies.
Persistence & Privilege
always is false and the skill is user-invocable. There is no indication the skill forces persistent installation or modifies other skills or global agent configs. It does expect writing session.json and profile data in its own workspace (normal for automation).
Assessment
This skill is coherent with its stated purpose, but before installing or using it: (1) review where session.json and browser profile files will be stored and protect them — they contain authentication cookies that could grant account access; (2) avoid running these steps as root and prefer a dedicated user directory; (3) inspect any scripts (publish.py, login.py) before running to confirm they do only the actions you expect; (4) be cautious when installing browser extensions (verify the extension's publisher and permissions); (5) understand automated posting can violate Xiaohongshu's rules and risk account penalties; and (6) verify the skill source/repository (the metadata points to an internal domain and the package has no homepage) and only proceed if you trust the origin.Like a lobster shell, security has layers — review code before you run it.
automationvk9721f7jsxn194r7sc3ndydhqn8237dwlatestvk9721f7jsxn194r7sc3ndydhqn8237dwsocial-mediavk9721f7jsxn194r7sc3ndydhqn8237dwxiaohongshuvk9721f7jsxn194r7sc3ndydhqn8237dw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.