Xiaohongshu Video Downloader
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly does what it promises, but it reads your logged-in browser cookies by default and can auto-run dependency-managed transcription code, so it should be reviewed before use.
Install only if you are comfortable with the skill using your logged-in browser cookies for Xiaohongshu authentication. Consider using a separate browser profile, review any uv/faster-whisper dependency installation, and remember that downloaded transcripts, metadata, URLs, and summaries are saved locally under the output folder.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The tool may read your logged-in browser session to access Xiaohongshu. A user who only reviews the registry metadata may not realize local browser cookies are involved.
The script uses yt-dlp's local browser cookie extraction, defaulting to Chrome, to authenticate downloads. This is disclosed in the docs but the registry metadata declares no primary credential or required config path, so the high-impact browser-session access is under-represented at install time.
def get_video_info(url, browser="chrome") ... cmd.extend(["--cookies-from-browser", browser])
Clearly declare browser-cookie/session access in metadata and setup instructions, require explicit user confirmation or browser-profile selection, and recommend using a dedicated Xiaohongshu browser profile when possible.
If local subtitles are unavailable, the skill may rely on uv-managed Python dependencies for transcription, adding third-party package supply-chain exposure.
The automatic Whisper fallback can invoke uv to run the transcription helper, which may resolve dependencies for that helper. This is purpose-aligned and documented, but there is no install spec or lockfile in the provided artifacts.
cmd_uv = ["uv", "run", transcribe_script, audio_path, "-o", output_dir]
Pin and declare transcription dependencies in an install spec or lockfile, and tell users before uv installs or resolves packages.
A video transcript containing prompt-like instructions could influence the generated summary or distract the agent from the requested summarization task.
The summary prompt inserts arbitrary video transcript text into the model context. The template asks for a summary, but it does not explicitly tell the model to treat transcript content as untrusted data and ignore any instructions inside it.
### Transcript
```
{{TRANSCRIPT}}
```
Add a clear guardrail to the summary template: treat transcript text as data only, do not follow instructions contained in it, and only produce the requested summary.
