Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
小红书
v0.1.0
XiaoHongShu (Little Red Book) data collection and interaction toolkit. Use when working with the XiaoHongShu (小红书) platform for: (1) searching and scraping notes/posts, (2) getting user profiles and details, (3) extracting comments and likes, (4) following users and liking posts, (5) fetching the home feed and trending content. Automatically handles all encryption parameters (cookies, headers) including a1, webId, x-s, x-s-common, x-t, sec_poison_id, websectiga, gid, x-b3-traceid, x-xray-traceid. Supports guest mode and authenticated sessions via the web_session cookie.
⭐ 11· 5k·32 current·37 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Benign, high confidence

Purpose & Capability
The skill's name/description promise (searching, scraping, getting profiles, comments, likes, following, generating a1/webId/x-s/x-s-common/x-t/websectiga/gid, etc.) is implemented by the included Python modules. The included encryption, cookie, and header code matches the description and the API call modules (note/comment/note_detail/like/follow) are present. There are no unrelated cloud credentials, binaries, or install steps requested that would contradict the stated purpose.
Instruction Scope
SKILL.md stays focused on using the shipped library and shows how to create sessions, search, fetch notes, and interact (like/follow). It asks users to optionally provide a web_session cookie (expected for authenticated actions). Notes: the README/example inserts a Windows-specific absolute sys.path (C:\Users\Chocomint\.openclaw\workspace\xiaohongshu\scripts) in examples — that's a local example path and should be adapted when running in other environments. The SKILL.md and code reference only the skill's own config and files; they do not attempt to read unrelated system paths or request unrelated environment variables.
Install Mechanism
There is no install spec (instruction-only skill) and the package ships code files inside the skill bundle. The SKILL.md suggests installing a small set of Python dependencies via pip (aiohttp, loguru, pycryptodome, getuseragent) which is proportional to the task. There are no downloads from untrusted URLs or archives in an install step.
Credentials
The skill requests no environment variables or external credentials in metadata. It does expect — and the code is designed to accept — a web_session cookie (user-provided) for authenticated operations; this is appropriate for a toolkit that can act on a user account. Warning: providing your web_session cookie grants the code the ability to act on your account (follow/like/post-like actions) so treat that credential as sensitive. No unrelated secrets (AWS, GitHub tokens, etc.) are requested.
Persistence & Privilege
The skill is not always-included and is user-invocable; model invocation is permitted (normal). The skill does not request system-wide settings or modify other skills. It does ship executable Python code which will run when invoked, but it does not request elevated or persistent platform privileges beyond normal execution.
Scan Findings in Context
[base64-block] expected: The static scanner flagged a base64-like block in the skill content. This project legitimately contains multiple custom/base64 encoders/decoders and an example encoded string used by decrypt_xs_xsc.py, so presence of base64 data is expected for reverse-engineering/decryption logic. Still, base64 blocks can sometimes hide payloads — here they appear to be encoding examples used by the decryption routines.
Assessment
This skill implements reverse-engineered encryption and fingerprint logic so it can call XiaoHongShu web APIs and perform actions (search, fetch notes, get comments, follow, like). Before installing or using it:
(1) Only supply your web_session cookie if you trust the code: that cookie allows authenticated actions on your account and could be abused. Prefer guest mode if you only need read-only data.
(2) Be aware that automated likes/follows can violate platform terms and may get an account restricted; use cautiously.
(3) The example SKILL.md uses a hard-coded Windows sys.path; adapt paths to your environment and run the code in an isolated Python environment.
(4) Review the included code yourself (it is shipped with the skill) if you have concerns about network destinations or hidden behavior. The network endpoints referenced are XiaoHongShu domains and the code does not call unknown third-party servers.
(5) If you need higher assurance, run the skill in a sandboxed VM/container and do not expose real account cookies until you have audited its behavior.
Like a lobster shell, security has layers: review code before you run it.
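As an added example (not part of the skill, of the SKILL.md, or of ClawHub's scanner), the script below does by machine what points (4) and (5) above ask you to do by hand, and also covers the base64 finding: it parses every `.py` file in an unzipped bundle, lists every hostname that appears in a URL literal and flags any outside an allowlist, and strictly decodes base64-looking literals so a URL hidden inside an encoded block is surfaced too. The allowlist (`xiaohongshu.com`, `xhscdn.com`) is an assumption you should adjust; the two sample modules at the bottom, including the `edith.xiaohongshu.com` API path and the `collector.example` sink, are constructed stand-ins for files in a bundle, not code from this skill.

```python
"""Static pre-install audit of a skill bundle (added example, not the skill's code)."""
import ast
import base64
import re
from pathlib import Path
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s'\"<>)]+")
# Loose "looks like base64" test; the strict decode below sorts real blocks from identifiers.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{24,}={0,2}$")

# Assumed allowlist: first-party XiaoHongShu domains only. Adjust for your review.
ALLOWED_SUFFIXES = ("xiaohongshu.com", "xhscdn.com")


def string_literals(source):
    """Yield (lineno, value) for every str constant in a Python module."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            yield node.lineno, node.value


def hosts_in(text):
    """Lower-cased hostnames of every http(s) URL found in text."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def is_allowed(host, allowed=ALLOWED_SUFFIXES):
    """Exact match or subdomain of an allowlisted suffix (no 'xiaohongshu.com.evil' bypass)."""
    return any(host == s or host.endswith("." + s) for s in allowed)


def decode_b64(value):
    """Strict base64 decode to text, or None if the literal is not really base64/UTF-8."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


def audit_source(name, source, allowed=ALLOWED_SUFFIXES):
    """Return a list of findings (dicts) for one module's source text."""
    findings = []
    for lineno, value in string_literals(source):
        for host in sorted(hosts_in(value)):
            kind = "url" if is_allowed(host, allowed) else "url-unexpected"
            findings.append({"file": name, "line": lineno, "kind": kind, "detail": host})
        if B64_RE.match(value):
            decoded = decode_b64(value)
            hidden = sorted(h for h in hosts_in(decoded or "") if not is_allowed(h, allowed))
            kind = "b64-hidden-url" if hidden else "b64"
            detail = ", ".join(hidden) if hidden else f"{len(value)}-char literal"
            findings.append({"file": name, "line": lineno, "kind": kind, "detail": detail})
    return findings


def audit_bundle(root, allowed=ALLOWED_SUFFIXES):
    """Audit every .py file under root (the unzipped skill bundle)."""
    findings = []
    for path in sorted(Path(root).rglob("*.py")):
        findings.extend(audit_source(str(path), path.read_text(encoding="utf-8"), allowed))
    return findings


def needs_review(findings):
    """The subset a reviewer must read before handing the code a real web_session cookie."""
    return [f for f in findings if f["kind"] in ("url-unexpected", "b64-hidden-url")]


# Constructed sample modules standing in for files in a bundle (not from the skill).
BENIGN_MODULE = (
    'API = "https://edith.xiaohongshu.com/api/sns/web/v1/search/notes"\n'
    'SAMPLE_XS = "' + base64.b64encode(b"sample encoded header used by a decoder demo").decode() + '"\n'
)
SUSPICIOUS_MODULE = (
    'API = "https://edith.xiaohongshu.com/api/sns/web/v1/feed"\n'
    'SINK = "' + base64.b64encode(b"https://collector.example/upload").decode() + '"\n'
)

if __name__ == "__main__":
    for name, src in (("benign.py", BENIGN_MODULE), ("suspicious.py", SUSPICIOUS_MODULE)):
        for f in audit_source(name, src):
            print(f"{f['file']}:{f['line']} {f['kind']:16} {f['detail']}")
```

Run `audit_bundle("path/to/unzipped/skill")` on the real bundle and read everything `needs_review` returns. A plain `b64` finding with no hidden host is informational (the skill's own encoder test vectors will show up here); `url-unexpected` and `b64-hidden-url` are the cases where the scanner's "no unknown third-party servers" claim should be checked against the actual code before any cookie goes in.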
latest: vk97dxj1rk3m8202rttg8vm3h4d80fq97
