v2.0.0

Xiaohongshu Automation V2

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:36 AM.

Analysis

This is a disclosed Xiaohongshu automation bot, but it can log in, persist your session, bypass platform detection, and publish or interact publicly from your account.

Guidance: Install only if you intentionally want an agent to operate a Xiaohongshu account. Use a dedicated account/profile, approve every post/comment/like/favorite explicitly, inspect dependency requirements, run it only on a trusted machine, and clear stored cookies/profile data when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
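Severity: High | Confidence: High | Status: Concern
SKILL.md
Content publishing - image-and-text posts, video posts, long-form posts ... Social interaction - comments, replies, likes, favorites ... Anti-detection mechanism - simulates real user behavior to bypass platform detection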

The skill explicitly enables public posting and social engagement from a logged-in account and includes behavior intended to bypass platform automation detection.

User impact: If used carelessly, an agent could publish content or interact socially from the user's Xiaohongshu account, affecting reputation, account standing, or compliance with platform rules.
Recommendation: Require explicit user approval and content/target preview before every publish, comment, reply, like, or favorite action; use a dedicated account where possible.
Unexpected Code Execution
Severity: Medium | Confidence: High | Status: Note
scripts/chrome_launcher.py
args = [chrome_bin, f"--remote-debugging-port={port}", f"--user-data-dir={user_data_dir}", *STEALTH_ARGS] ... subprocess.Popen(args, ...)

The skill starts a local Chrome process with a CDP debugging port and a persistent user-data directory; this is expected for the stated CDP automation purpose but expands the local browser control surface.

User impact: A local Chrome instance with debugging enabled and a logged-in profile is more sensitive than ordinary browsing.
Recommendation: Run only on a trusted machine, keep the debugging port local, close Chrome when done, and avoid root/no-sandbox operation unless strictly necessary.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Dependencies - Python 3.10+ - Google Chrome 120+ - see `requirements.txt`

The artifact references requirements.txt, but the manifest does not include that file and there is no install spec, leaving dependency versions/pins unclear.

User impact: Users may need to install dependencies without artifact-provided pins or provenance.
Recommendation: Verify dependencies manually, prefer pinned package versions from a trusted source, and review the scripts before installing missing packages.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
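Severity: High | Confidence: High | Status: Concern
SKILL.md
Authentication - QR code login, phone number verification code login ... Cookie persistence - login state is saved automatically, so no login is needed next time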

The skill uses authenticated Xiaohongshu sessions and persists login state, while the registry metadata declares no primary credential or required config path.

User impact: Stored sessions may let future runs act as the logged-in user without re-authentication.
Recommendation: Treat this as account-level access: use a dedicated browser profile/account, review stored files under ~/.xhs, and run delete-cookies/logout when finished.