xiaohongshuskills
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is broadly consistent with Xiaohongshu automation, but it can use a logged-in browser to publish/comment and read account data beyond the advertised three tasks, so it should be reviewed before installation.
Install only if you want an agent to control a Chrome session logged into Xiaohongshu. Use a dedicated profile/account, keep cookies private, avoid remote CDP and --auto-publish unless explicitly intended, and review every post or comment before it is sent.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user installing it for posting may also be granting the agent the ability to interact publicly and to read account-specific Xiaohongshu data.
The declared description emphasizes three publish/test tasks, but the same skill also authorizes logged-in account actions and account-data access: commenting, reading notifications, and pulling analytics.
description: ... supports three kinds of tasks: publish image-and-text posts, publish videos, only launch a test browser (no publishing) ... when the user asks to "search notes / find content / view a note's details / view the content data table / comment on a post / view comments and @ notifications": enter the content retrieval and interaction flow ... content-data fetches metrics such as impressions, views and likes.
Declare these extra account capabilities prominently and require explicit per-action user authorization for comments, notification access, and analytics export.
If invoked incorrectly, the skill could publish content under the user’s account without a final review step.
This exposes a path for a public posting action that explicitly skips a confirmation step, which is high-impact in an agent-controlled account automation workflow.
--auto-publish: automatically clicks Publish (skips the confirmation)
Do not use --auto-publish unless the user explicitly requests it after reviewing the final title, body, and media; add a mandatory confirmation gate for all public posting/commenting actions.
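The two findings above (undeclared account capabilities, and --auto-publish skipping confirmation) call for the same control: a default-deny gate in front of every browser action that requires a per-action grant and binds any posting grant to the exact content the user reviewed. The following is an added example of such a gate; it is not code from the xiaohongshuskills skill or from ClawScan. The action names (publish_image_text, publish_video, test_browser, comment, read_notifications, export_analytics, search_notes, view_note) and the `auto_publish` flag are this example's own assumptions, modelled on the tasks the skill description quotes; the skill's real commands may be named differently.

```python
"""Per-action authorization gate for an agent-driven Xiaohongshu session.

Added example; this is not code from the xiaohongshuskills skill or from
ClawScan. The action names below and the `auto_publish` flag are this
example's own assumptions; the skill's real commands may be named differently.
"""
import hashlib
from dataclasses import dataclass
from typing import Iterable, Optional

# What the skill's description advertises (assumed names).
ADVERTISED = {"publish_image_text", "publish_video", "test_browser"}
# Extra capabilities the audit found: public interaction or account data.
EXTRA_ACCOUNT = {"comment", "read_notifications", "export_analytics"}
# Anything that posts publicly under the user's account.
POSTING = {"publish_image_text", "publish_video", "comment"}
# Reading public content uses no account authority and is not gated.
READ_ONLY_PUBLIC = {"test_browser", "search_notes", "view_note"}


def content_hash(title: str, body: str, media: Iterable[str]) -> str:
    """Fingerprint of the exact title/body/media set the user reviewed.

    Fields are length-prefixed so 'ab'+'c' and 'a'+'bc' cannot collide.
    """
    h = hashlib.sha256()
    for part in (title, body, *sorted(media)):
        data = part.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


@dataclass(frozen=True)
class Request:
    action: str
    auto_publish: bool = False       # the skill's --auto-publish flag
    content: Optional[str] = None    # content_hash() of what will be sent


@dataclass(frozen=True)
class UserGrant:
    """One explicit, per-invocation authorization given by the user."""
    action: str
    content: Optional[str] = None    # hash of the content the user approved
    skip_confirmation: bool = False  # user explicitly asked for --auto-publish


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(req: Request, grant: Optional[UserGrant]) -> Decision:
    """Default-deny gate the agent must pass before driving the browser."""
    if req.action in READ_ONLY_PUBLIC:
        return Decision(True, "read-only public access, no account authority used")
    if req.action not in ADVERTISED | EXTRA_ACCOUNT:
        return Decision(False, f"unknown action {req.action!r}")
    # Every posting or account-data action needs a grant for *that* action;
    # installing the skill "for posting" is not consent to comment or export data.
    if grant is None or grant.action != req.action:
        return Decision(False, f"{req.action!r} requires an explicit per-action grant")
    if req.action in POSTING:
        # Bind the grant to the final content: if the agent rewrites the post
        # after the user reviewed it, the hash no longer matches and we stop.
        if req.content is None or req.content != grant.content:
            return Decision(False, "final title/body/media were not approved by the user")
        if req.auto_publish and not grant.skip_confirmation:
            return Decision(False, "--auto-publish only when the user explicitly asked for it")
    return Decision(True, "explicitly authorized by the user")
```

The point of hashing the reviewed content rather than storing a boolean "approved" flag is that the approval cannot be reused for a different post: the agent has to present exactly the title, body and media the user saw, and a silent --auto-publish is refused unless the grant itself records that the user asked to skip the confirmation.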
Anyone or any process with access to the Chrome profile could potentially reuse the Xiaohongshu session.
The skill relies on persistent browser cookies/session state for Xiaohongshu login. This is disclosed and locally stored, but it is still sensitive account authority.
Login security: cookies are stored in the local Chrome Profile; do not leak them
Use a dedicated account/profile, keep the profile directory private, and remove profiles when no longer needed.
Connecting to the wrong or exposed debugging endpoint could let the automation act in an unintended browser session.
Remote CDP allows the scripts to control a browser over a debugging endpoint. This is disclosed and user-directed, but the endpoint identity and session boundary must be trusted.
Remote CDP support: connect to a remote Chrome debugging port via `--host` / `--port`
Prefer local CDP (Chrome binds the debugging port to loopback unless told otherwise), never expose the debugging port on a network interface, and only use remote hosts you control and trust. The endpoint has no authentication of its own: anyone who can reach it controls the browser, including the logged-in Xiaohongshu session.
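Findings 3 and 4 (exposed profile directory, untrusted CDP endpoint) can both be checked before the automation connects. The following added example, which is not code from the xiaohongshuskills skill or from ClawScan, refuses non-loopback hosts unless the operator allow-listed them, verifies that the `/json/version` response points back at the same host and port rather than a different browser, and checks that the profile directory holding the cookies is owner-only. Only the `--host`/`--port` names come from the skill description; the function names, the `allow_remote` parameter and the sample `/json/version` payload are this example's own, and the payload is constructed, not captured from a real browser.

```python
"""Pre-connection checks for a CDP target and the Chrome profile it uses.

Added example; not code from the xiaohongshuskills skill or from ClawScan.
Only the --host/--port names come from the audited skill; the function
names, allow-list parameter and sample payload are this example's own.
"""
import ipaddress
import json
import os
import stat
from dataclasses import dataclass
from typing import Optional, Set
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Check:
    ok: bool
    reason: str


def _is_loopback(host: Optional[str]) -> bool:
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host or "").is_loopback
    except ValueError:
        return False  # a hostname; we deliberately do not resolve it


def check_cdp_host(host: str, allow_remote: Optional[Set[str]] = None) -> Check:
    """Allow loopback by default; anything else must be explicitly allow-listed.

    Chrome's debugging endpoint has no authentication: whoever can reach it
    owns the browser session, cookies included.
    """
    if _is_loopback(host):
        return Check(True, "loopback")
    if host in (allow_remote or set()):
        return Check(True, f"remote host {host!r} is on the operator's allow-list")
    return Check(False, f"refusing {host!r}: not loopback and not allow-listed")


def check_version_payload(host: str, port: int, payload: str) -> Check:
    """Verify that /json/version hands back a WebSocket URL on the same endpoint.

    A debugger URL on another host:port would mean the scripts are about to
    act in a different browser session than the one the user pointed them at.
    """
    try:
        info = json.loads(payload)
        ws = urlsplit(info["webSocketDebuggerUrl"])
        ws_host, ws_port = ws.hostname, ws.port
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        return Check(False, f"unparseable /json/version response: {exc}")
    if ws.scheme != "ws":
        return Check(False, f"unexpected scheme {ws.scheme!r}")
    same_host = ws_host == host or (_is_loopback(ws_host) and _is_loopback(host))
    if not same_host or ws_port != port:
        return Check(False, f"debugger URL is {ws_host}:{ws_port}, expected {host}:{port}")
    return Check(True, f"browser: {info.get('Browser', '?')}")


def profile_mode_is_private(mode: int) -> bool:
    """True when the permission bits grant nothing to group or other."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def check_profile_dir(path: str) -> Check:
    """The Chrome profile holds the Xiaohongshu cookies; it must be owner-only."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return Check(False, f"cannot stat profile dir: {exc}")
    if not stat.S_ISDIR(st.st_mode):
        return Check(False, f"{path!r} is not a directory")
    if not profile_mode_is_private(st.st_mode):
        return Check(False, f"{path!r} is readable by group/other (mode {stat.S_IMODE(st.st_mode):o})")
    return Check(True, "profile dir is owner-only")


# Constructed sample of a /json/version response; not captured from a real browser.
SAMPLE_VERSION = json.dumps({
    "Browser": "Chrome/124.0.0.0",
    "Protocol-Version": "1.3",
    "webSocketDebuggerUrl": "ws://127.0.0.1:9222/devtools/browser/0000",
})
```

Run the three checks in order (host, then the fetched `/json/version` body, then the profile directory) and abort on the first failure; a hostname that is not loopback is rejected without resolving it, so a DNS answer cannot turn a "remote" target into a "local" one.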
Installation behavior may change over time as dependency versions change.
The dependencies are not pinned to exact versions, so future installs may resolve to different package versions.
requests>=2.28.0
websockets>=12.0
Install in a virtual environment and pin known-good exact versions (for example from `pip freeze`, or hash-pinned with `pip install --require-hashes`) before production use.
