redbookskills
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill largely matches its stated purpose as Xiaohongshu automation, but it needs review because it can post and comment from your account, access account pages, and includes anti-detection guidance.
Before installing, treat this as a powerful Xiaohongshu account automation tool. Use a dedicated or test account if possible, confirm every post and comment manually, avoid remote CDP unless you fully trust the browser host, and be aware that the skill stores login state in a local Chrome profile and includes anti-detection guidance that may create platform/account risk.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your account may be used in a way that resembles bot activity and could violate platform rules or increase account risk.
The repository guidance explicitly suggests randomization and human-like interaction to avoid system detection, which is a material anti-detection tradeoff not presented in the user-facing description.
Account for randomized operation values, simulate human interaction, and avoid detection by the system
Remove or clearly disclose anti-detection behavior, and only use automation that complies with the target platform and the user's explicit intent.
The agent could post public comments or publish content from your Xiaohongshu account if invoked with the needed inputs.
The skill can mutate a public social account by publishing and posting comments. Publishing has a confirmation rule, but the comment workflow does not show an equivalent explicit confirmation step.
If the user needs to post a comment, run `post-comment-to-feed` ...; publishing mode note: `publish_pipeline.py` clicks publish automatically by default
Require explicit final confirmation for every public post or comment, include preview mode by default, and make public-account mutations easy to cancel.
The agent may read account-specific notifications and creator metrics, not just publish content.
The skill uses the logged-in Xiaohongshu session to access notification mentions and creator analytics, which goes beyond the registry summary of image/video publishing and test-browser startup.
Run `get-notification-mentions` to capture the `you/mentions` API response corresponding to the `/notification` page. ... `content-data` retrieves metrics such as impressions, views, and likes.
Declare these account-data capabilities prominently, require explicit user requests for each data access, and limit returned data to what the user asked for.
Anyone or any process that can control that browser session during execution may act as the logged-in Xiaohongshu user.
The skill deliberately persists login state in a Chrome profile and exposes that browser through CDP, which is expected for this integration but gives the automation access to the logged-in account.
Launches Chrome with a dedicated user-data-dir for login persistence ... `--remote-debugging-port={port}`, `--user-data-dir={user_data_dir}`
Use a dedicated/test account where possible, keep the debugging port local, close the browser after use, and avoid connecting to untrusted remote CDP hosts.
It is harder to verify who maintains the skill or where updates should come from.
The package provenance is not strongly documented in the registry metadata, so users have less context for trusting a browser-automation skill that operates a social account.
Source: unknown; Homepage: none
Install only from a trusted source, inspect the scripts before running, and consider pinning dependencies in a local virtual environment.
