Xiaohongshu Search Radar (小红书搜索雷达)

Pass. Audited by ClawScan on May 16, 2026.

Overview

The skill matches its Xiaohongshu search purpose, but it requires a third-party API token, sends searches or note links to that API, and saves results locally.

This looks safe to use if you trust the GuaiKei API provider and are comfortable with your Xiaohongshu search terms, note URLs, and returned results being processed externally and saved in local logs. Keep GUAIKEI_API_TOKEN private and clear the logs folder when needed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone with this token may be able to use the associated GuaiKei API quota or account access.

Why it was flagged

The skill clearly requires a provider API token. This is expected for the service integration, but it is still a credential the user must protect.

Skill content
requires:
  bins: ["node"]
  env: ["GUAIKEI_API_TOKEN"]
env_desc:
  GUAIKEI_API_TOKEN: "小红书搜索API访问令牌;私有TOKEN可通过wx 13395823479 申请"
Recommendation

Store the token only in an environment variable, do not paste it into chats or logs, and rotate it if it may have been exposed.

What this means

Search terms, filters, and note URLs may be visible to the external API provider.

Why it was flagged

The search command sends the API token and user-provided search parameters to the configured HTTPS API provider; the detail command similarly sends note URLs.

Skill content
return await postJson(
  "/api/xiaohongshu/note-search/keyword",
  { _: Date.now(), token: token },
  { keyword, type, sort, limit },
);
Recommendation

Use this skill only if you are comfortable sharing those queries and links with the GuaiKei API service; avoid confidential campaign terms if that is not acceptable.

What this means

Other local users or future tasks with access to the skill directory may see previous searches and returned data.

Why it was flagged

The code automatically persists command output into a local logs directory. This is scoped and disclosed, but it retains retrieved results and user query context.

Skill content
path.join(
  path.dirname(__filename),
  "..",
  "..",
  "logs",
  safeFilename,
);
...
await fs.promises.writeFile(outputFilename, content);
Recommendation

Review and delete the logs directory when results or search terms should not be retained.

What this means

A user could overlook that the skill still depends on a third-party API token and on external API calls.

Why it was flagged

The no-login claim is consistent with the code not using a Xiaohongshu account, but users should not read it as meaning there is no privacy or provider trust consideration.

Skill content
- Security: no need to log in to your Xiaohongshu account, so no worry about risk-control or account-ban problems
Recommendation

Treat the statement as limited to Xiaohongshu account login; still review the third-party API and local logging behavior before use.