Skill v2.1.0

ClawScan security

小红书笔记批量下载 (Xiaohongshu batch note downloader) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 26, 2026, 2:16 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements and runtime instructions align with its stated purpose (automating downloads from a logged-in Chrome session via the DevTools Protocol); nothing requested is disproportionate, but it does require access to your local Chrome debugging port and will read in-page JS state so review before use.
Guidance
This script is coherent with its stated goal but connects to your local Chrome debugging port and runs JavaScript inside the browser context — it therefore can access anything available in that browser session (including tokens and page data). Before running: (1) inspect the Python code yourself (or run it in a disposable profile) to ensure it only extracts content you expect; (2) avoid running while your primary browser profile (with other accounts) is exposed; (3) don't enable remote debugging on a machine/network you don't control; (4) confirm the download of content complies with Xiaohongshu's terms; and (5) run with least privilege (don't run as root). If you want stronger isolation, create a separate Chrome profile, sign into only the target account there, and enable remote debugging on that profile only.

Review Dimensions

Purpose & Capability
ok: The skill says it will automate downloads from Xiaohongshu using the Chrome DevTools Protocol, and the SKILL.md instructs exactly that: connecting to localhost:9222, targeting a Chrome tab, evaluating DOM/JS, and downloading images and text. The required inputs (profile_id, tab_id, save directory) and recommended Python packages are coherent with that purpose.
Instruction Scope
ok: Instructions are focused on controlling a local Chrome tab via CDP, extracting DOM nodes and window.__INITIAL_STATE__, and downloading images/text. Accessing in-page JS state (xsecToken) is necessary for constructing detail URLs but is also capable of exposing other in-page/session data; the script as provided only uses it for tokens and content extraction.
Install Mechanism
ok: This is instruction-only (no install spec). The README recommends pip-installing websocket-client and requests, which is proportionate and typical for running the provided Python script. No external archive downloads or execution of fetched code are instructed.
Credentials
ok: No environment variables or external credentials are requested. The script intentionally requires an already-logged-in Chrome instance with remote debugging enabled because it leverages the browser session; that access is proportional to the claimed functionality but has privacy implications (it can read any data available to the browser).
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent system privileges or modify other skills/config. It runs a one-off Python script against a user-specified Chrome debugging endpoint, which is appropriate for the task.