Skillv1.0.0

ClawScan security

Skill Xhs Mcp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 15, 2026, 3:07 PM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requests and runtime instructions are coherent with a XiaoHongShu automation skill that talks to a local MCP service, but it relies on running third‑party Node code you should review before installing.
Guidance: This skill is internally consistent with its stated purpose, but it depends on running a third‑party Node service from https://github.com/weznai/xhs-mcp-service.git. Before installing or running it: (1) review the repository (especially package.json and npm scripts) to see what npm install / npm run login execute; (2) run the service in an isolated environment (container/VM) if you don't fully trust the code; (3) be aware the service will hold session cookies/tokens and can post/modify content on your XiaoHongShu account — only run it for accounts you are willing to automate; (4) avoid running as an elevated user and inspect network activity (it should bind to localhost:18060); and (5) if you need stronger assurance, ask for the repository maintainer's identity, audit the code, or prefer an officially published package with a maintainer history.

Review Dimensions

Purpose & Capability: okThe name/description (XHS automation via MCP) matches the instructions: it expects a local xhs-mcp-service on localhost:18060 and Node.js >= 18 to provide the automation endpoints. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope: noteSKILL.md limits runtime activity to installing and running the referenced xhs-mcp-service and calling its APIs (e.g., searchFeeds, likeFeed). It does not instruct reading arbitrary system files or unrelated environment variables, but it does require performing a 'login' step and will interact with account session tokens (cookies/xsec_token) — expected for this functionality.
Install Mechanism: concernThere is no packaged install; the README instructs to git clone a third-party GitHub repo and run npm install / npm run login / npm start. While GitHub is a normal source, running npm install and npm scripts executes external code (moderate risk). The skill bundle itself doesn't include the code, so you must review that repository and its npm scripts before running.
Credentials: okThe skill declares no required environment variables or external credentials. The need for a local service and session tokens is proportional to the described automation and publishing features.
Persistence & Privilege: okalways is false and the skill does not request system-wide changes or other skills' configuration. Autonomous invocation is allowed by default (normal); remember that if the agent is allowed to act autonomously, it could drive the local service to perform account actions.