Skill v1.0.0

ClawScan security

小红书长文发布 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 7:58 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and runtime instructions are consistent with its stated purpose (automating Xiaohongshu long-form publishing) and request no unrelated credentials or installs.
Guidance
This skill appears to do what it says: drive a browser to publish content on creator.xiaohongshu.com. Before installing, verify you trust the local skill files (they're included here), and run it first with a test/dummy account. Ensure the OpenClaw browser automation service and the browser session are secured (don't use a shared or high-privilege account). Note the code requires a logged-in account in the browser — the skill will act with that account's privileges even though it doesn't request credentials. Optionally inspect index.js yourself (it contains only stubbed browser action functions; it also imports child_process.execSync but does not call it) and confirm no hidden network endpoints or unexpected commands are added before using in production.

Review Dimensions

Purpose & Capability
ok: Name/description, SKILL.md, README, and index.js all describe a browser-automation workflow to publish long-form notes on Xiaohongshu; required resources (browser automation, logged-in account) match the purpose and no unrelated credentials or services are requested.
Instruction Scope
ok: SKILL.md and USAGE.md limit runtime actions to navigating creator.xiaohongshu.com and performing UI interactions (fill title/content, click publish). Instructions do not ask the agent to read arbitrary files, access unrelated env vars, or transmit data to third-party endpoints.
Install Mechanism
ok: No install specification or external downloads are present; this is an instruction-only skill with a small local index.js. No archive downloads or untrusted URLs are used.
Credentials
note: The skill requires a logged-in Xiaohongshu creator account in the browser but does not request credentials or environment variables. Note: the automation will act with whatever account is currently logged into the browser — so its effective privileges are those of that account.
Persistence & Privilege
ok: always is false and the skill does not request persistent system-wide changes or access to other skills' configs. disable-model-invocation is false (normal), so an agent could invoke the skill autonomously if allowed by agent policies.