ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xiaohongshu Deep Research

v1.2.1

Deep research on Xiaohongshu (小红书) topics. Use when user wants to research a topic, analyze trends, gather insights from top posts, or produce a summary repo...

10· 5.4k·47 current·50 all-time
byAndy Xie@palmpalm7
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the instructions: the skill performs keyword expansion, searches via an API, sorts by engagement, and writes a report. The declared requirement (xiaohongshu-mcp running and a logged-in Xiaohongshu account) is consistent with the stated functionality.
Instruction Scope
SKILL.md instructs the agent to call local API endpoints (http://localhost:18060), create directories under the user's home (~/xiaohongshu-research/...), save raw JSON, and process it with jq. It does not instruct reading unrelated system files or exfiltrating data to remote endpoints. Note: the skill relies on the external local service to access your Xiaohongshu account/session — that service, not the skill text, could access cookies or network resources.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is downloaded or written by the skill itself.
Credentials
The skill requests no environment variables or credentials itself. It does require a logged-in Xiaohongshu account and a running xiaohongshu-mcp service (local proxy) which is a reasonable, proportional dependency for the described task.
Persistence & Privilege
always:false and user-invocable:true (normal). The skill does not request permanent platform presence or claim to modify other skills or system-wide configs. It will write output files under the user's home directory as documented.
Assessment
This skill is internally consistent, but before installing or running it: 1) Verify the xiaohongshu-mcp service is from a trusted source (the SKILL.md references xpzouying/xiaohongshu-mcp) — inspect that project's code and deployment instructions. 2) Understand the local proxy will use your logged-in Xiaohongshu session (cookies/tokens) — run it in a trusted or isolated environment if you have concerns. 3) Expect the skill to create files under ~/xiaohongshu-research/... and to only use search-result metadata (post bodies and comments are not available). 4) If you don't control or trust the local service, do not provide account credentials or start it on a machine with sensitive sessions. If you want higher assurance, request the upstream repo and verify network activity and storage behavior of xiaohongshu-mcp before proceeding.

Like a lobster shell, security has layers — review code before you run it.

latestvk977atjg7bz2240zjbfrcp38zs821h63

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments