Back to skill
Skillv2.0.0
VirusTotal security
小红书自动化 V2 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 6:04 AM
- Hash
- 610fc1d01163c397ae9888ef4e7fcc151c96a8430cf03090881627b2ac3f9875
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xiaohongshu-v2 Version: 2.0.0 The skill bundle is a comprehensive Xiaohongshu automation suite using Chrome DevTools Protocol (CDP). It is classified as suspicious due to a potential JavaScript injection vulnerability in `scripts/xhs/comment.py` where the `user_id` parameter is unsafely interpolated into a browser-side `evaluate` call. Additionally, `scripts/chrome_launcher.py` launches Chrome with security-weakening flags such as `--no-sandbox` and `--disable-setuid-sandbox`. While these capabilities and the broad file/network access (e.g., in `scripts/image_downloader.py`) are aligned with the tool's stated purpose, they represent a significant attack surface and risky security practices.
- External report
- View on VirusTotal