xiaohongshu-cover-gen
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill’s image-generation workflow is mostly coherent, but it handles browser session cookies and includes an unsafe download helper that can execute unintended local code if given crafted arguments.
Review the helper scripts before running them, especially `download_image.sh`; do not pass untrusted URLs or output paths. Only use Lovart automation if it is allowed for your account, protect the `.lovart_cookies.json` file carefully, and avoid storing private drafts or secrets in the persistent design and iteration documents.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user runs this helper with a malicious URL or path, it could execute commands on the user’s machine or write files outside the intended location.
The script interpolates shell arguments directly into a JavaScript string passed to `node -e`, and also disables TLS verification. A crafted image URL or output path containing quotes could break out of the string and run arbitrary Node.js code locally.
`NODE_TLS_REJECT_UNAUTHORIZED=0 node -e " ... const url = '$CLEAN_URL'; ... fs.writeFileSync('$OUTPUT', buf); ... "`
Pass the URL and output path via `process.argv` or environment variables, properly escape inputs, validate that URLs are expected Lovart artifact URLs, constrain output paths to a safe workspace, and avoid disabling TLS unless absolutely necessary.
This could violate Lovart’s automation controls or terms, trigger account challenges, or increase the risk of account restrictions.
The skill gives explicit operational guidance for structuring browser automation to avoid or recover from hCaptcha challenges while reusing injected session cookies.
## hCaptcha trigger-avoidance rules - Generate only **1-2 images** per session - **Close the browser immediately** after generation finishes - Next time: reopen → inject cookies → generate - If hCaptcha is triggered → close the browser, wait 5 minutes, start over
Use Lovart automation only where permitted, prefer official APIs or normal interactive login flows when available, and stop for user review when captcha or account-protection checks appear.
Anyone who obtains the cookie file may be able to access the user’s Lovart session until the token expires.
The skill requires handling Lovart session cookies, including a JWT, to authenticate browser automation. This is disclosed and scoped to Lovart, but it is still sensitive account material.
Export the following 3 key cookies: `usertoken` | JWT authentication token ... `useruuid` ... `webid` ... Save them as a JSON file (e.g. `.lovart_cookies.json`)
Use a dedicated Lovart account if possible, store `.lovart_cookies.json` outside shared folders, never paste cookies into public chats or logs, and delete or refresh cookies after use.
Users may not see all required local tooling and dependency changes before installing or invoking the skill.
The README documents runtime dependencies, including an unpinned Pillow install and required local tools, while the registry metadata declares no required binaries or install spec.
`pip install Pillow` ... `agent-browser` ... `Node.js | JWT check + image download | ✅`
Declare Node.js, Python/Pillow, and agent-browser requirements in metadata or install documentation, and consider pinning Python dependencies.
Persistent notes could retain unpublished post content, brand preferences, screenshots, or links longer than intended, and future outputs may rely on stale or unreviewed entries.
The workflow encourages persistent project notes and aesthetic libraries that may be reused in later tasks.
When using this Skill, you need to create your own `aesthetic-library.md` in the project and record entries in the format of this template. ... Update it after every research session
Keep persistent libraries free of secrets and sensitive drafts, review entries before reuse, and separate public design inspiration from private client or account information.
