ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

xiaohongshu-search

v1.0.0

小红书内容搜索工具。通过 browser 工具操控已登录的 Chrome,搜索小红书公开笔记,提取标题、正文、话题标签、点赞数,分析消费趋势。用于市场调研中的消费者趋势研究。

0· 91·0 current·0 all-time
by@amostafoya-pixel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description match the instructions: the SKILL.md tells the agent to drive a browser to search Xiaohongshu and extract titles, content, tags, and likes. However, the skill depends on an already logged-in Chrome instance with remote debugging enabled (documented only in SKILL.md), which is a broad capability beyond a simple public-search scraper and is not declared as a requirement in the registry metadata.
!
Instruction Scope
Instructions explicitly require connecting to Chrome's remote debugging endpoint and driving the browser to load pages and evaluate DOM scripts. While scraping public pages is within scope, controlling a logged-in Chrome gives access to cookies, other sites, and private account data — the SKILL.md does not constrain or limit this, so the runtime instructions could be used to read or exfiltrate data beyond the stated purpose.
Install Mechanism
No install spec and no code files are present (instruction-only skill). This minimizes disk-write/installation risk; there are no external downloads or package installs to review.
!
Credentials
No environment variables or credentials are declared, which is coherent. However, the skill requires Chrome to be launched with --remote-debugging-port, which effectively grants the skill access to the browser profile and session information (cookies, stored auth). That capability is high-impact relative to the simple scraping task and is not surfaced as a credential or config requirement in the manifest.
Persistence & Privilege
always is false and there are no persistent config changes requested. The skill can be invoked autonomously (default), and combined with browser control this increases the potential blast radius if the agent runs without supervision — this is expected behavior for skills but worth noting as a risk factor here.
What to consider before installing
This skill does what it says (search and scrape Xiaohongshu) but requires Chrome to be started with remote debugging and assumes a logged-in browser profile. That arrangement can expose cookies and other private session data to the agent. Before installing or running: (1) avoid pointing the skill at a Chrome instance that is logged into your real accounts — use a throwaway profile or dedicated browser profile. (2) Launch Chrome with remote debugging bound to localhost only and firewall/block network access to the debugging port so remote attackers cannot connect. (3) Prefer running this skill in an isolated VM/container with no sensitive profiles. (4) If you must use your main profile, require explicit manual review before each run and limit autonomous invocation. (5) If you need stronger assurances, request the author to declare the remote-debugging requirement in the manifest and to add explicit limits (e.g., only access xiaohongshu.com) so the agent cannot navigate other sites or evaluate arbitrary pages.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bscekyzjgvf9tvwvbp7m96183gdz3researchvk97bscekyzjgvf9tvwvbp7m96183gdz3social-mediavk97bscekyzjgvf9tvwvbp7m96183gdz3trendsvk97bscekyzjgvf9tvwvbp7m96183gdz3xiaohongshuvk97bscekyzjgvf9tvwvbp7m96183gdz3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

小红书搜索 Skill

前置条件

browser 工具需要 Chrome 开启远程调试模式:

chrome.exe --remote-debugging-port=9222

搜索流程

Step 1:搜索关键词

在发现页搜索框输入关键词:

browser type <搜索框ref> "<关键词>"
browser press <搜索框ref> Enter

或者直接访问搜索结果 URL:

browser open "https://www.xiaohongshu.com/search_result?keyword=<关键词>&source=web_explore_feed"

Step 2:等待并获取快照

browser wait "<selector>" --load networkidle
browser snapshot

Step 3:提取内容

从 snapshot 中提取:

  • 笔记标题和链接
  • 作者昵称
  • 点赞/收藏数

Step 4:读取单篇笔记正文

点击进入详情页:

browser click <ref>
browser wait "#detail-content" --load networkidle
browser evaluate --fn "() => ({
  title: document.querySelector('.title')?.innerText,
  author: document.querySelector('.author')?.innerText,
  content: document.querySelector('#detail-content')?.innerText,
  tags: Array.from(document.querySelectorAll('.hashtag')).map(el => el.innerText),
  likes: document.querySelector('.like-wrapper .count')?.innerText
})"

消费趋势研究示例

关键词2025消费趋势社区商业新中式亲子餐厅

操作序列

browser open "https://www.xiaohongshu.com/search_result?keyword=2025消费趋势&source=web_explore_feed"
browser wait ".note-item" --load networkidle
browser snapshot

输出格式

【小红书趋势搜索】关键词:2025消费趋势

📌 热门笔记:
1. [标题] @作者 - 👍N
   摘要...
2. [标题] @作者 - 👍N
   摘要...

🏷️ 高频话题:#消费趋势 #2025 #...

💡 趋势洞察:
- (AI 综合分析这段趋势,可用于商业定位参考)

在商业市调报告中的应用

整合到 shangyecehua.skill Step 1 数据收集中:

【补充】小红书趋势研究:
browser 搜索 "<城市> <业态> 消费趋势" 或 "<业态> 探店"
→ 提取消费者偏好、热门话题、新兴业态
→ 作为商业定位和业态规划的参考

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…