v1.0.0

Vinplezhang Xiaohongshu Publisher

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:15 AM.

Analysis

The skill is coherent and approval-gated for Xiaohongshu posting, but users should notice that it uses a logged-in browser account, can publish public content, stores drafts, and has limited provenance metadata.

GuidanceThis skill appears safe for its stated purpose if you are comfortable letting it use a logged-in Xiaohongshu browser session. Keep the explicit review-and-approve step, verify the final post before publishing, consider a dedicated browser profile, and clear saved drafts if they contain anything private.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusNote

SKILL.md

After user approval, publish using browser automation... Click publish... **Never auto-publish.** Always wait for explicit user approval.

The skill can drive browser tools to publish a post, which is a high-impact action, but the artifact clearly requires explicit user approval first.

User impactIf approved, the agent can create a public Xiaohongshu post on the user's account.

RecommendationReview the generated title, body, hashtags, and cover image carefully before giving explicit publish approval.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

_meta.json

"ownerId": "kn7f25fq88zj6cpv5zfby0s0q1811876"

This owner ID differs from the supplied registry owner ID, and the artifact set also lists an unknown source with no homepage, making provenance less clear even though the included code appears purpose-aligned.

User impactIt is harder to independently verify who packaged or originated the skill.

RecommendationInstall only if you trust the registry/publisher context, and review the included files before using it with a logged-in account.

Rogue Agents

SeverityLowConfidenceHighStatusNote

SKILL.md

This skill works with cron jobs for scheduled daily posting... Session: isolated agentTurn... Delivery: announce to user's channel

The skill documents scheduled invocation, which can create recurring agent activity, but it describes delivery/announcement and does not remove the no-auto-publish approval gate.

User impactA scheduled setup could repeatedly generate draft posts or review messages.

RecommendationIf using cron, ensure the schedule only drafts or announces content unless you explicitly approve each publication.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

access to a browser with the user logged into 小红书 creator portal

The workflow relies on an existing logged-in browser session for the user's Xiaohongshu creator account.

User impactThe agent can act through the logged-in Xiaohongshu creator session during the publishing workflow.

RecommendationUse a dedicated browser profile or sandbox where possible, keep the account session limited to the intended service, and confirm each publish action yourself.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

Save draft to `memory/xiaohongshu-draft.md`

The skill intentionally stores draft content in a memory path, which may persist across turns or be reused later.

User impactDraft content could remain available after the immediate posting task.

RecommendationAvoid putting private information in drafts, and delete or overwrite the memory draft after use if the content is sensitive.