Skill v1.1.0

VirusTotal security

Xiaohongshu MCP service · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review · May 1, 2026, 8:33 AM
Hash
9a262d6fc7602616f032d81417f3e02f2d1ff92ac801510eadb5ffd036625081
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: skill-xiaohongshu
Version: 1.1.0

The skill bundle is classified as suspicious primarily due to the inclusion of a pre-populated 'data/cookies.json' file containing active session tokens and user IDs for a specific XiaoHongShu account, which is highly unusual and poses a security risk. Additionally, 'scripts/browser.js' initializes Puppeteer with high-risk security flags like '--disable-web-security' and '--disable-features=IsolateOrigins', while 'scripts/ensure-service.js' uses 'exec' to run shell commands for process management. While these appear intended for browser automation and service control, the presence of hardcoded credentials and broad permissions warrants caution.