开源小红书技能
ReviewAudited by ClawScan on May 10, 2026.
Overview
This skill is not clearly malicious, but it asks to manage a Xiaohongshu account broadly while credentials, sensitive data handling, and safeguards for public/account-changing actions are not clearly defined.
Use this only if you intentionally want an agent to help manage your Xiaohongshu account. Before providing credentials or allowing real actions, require confirmations for posting, deleting, replying, blacklisting, profile edits, and linked-account changes; verify that any real API implementation is reviewed, not just the mock script.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with real account access, the agent could publish or delete public content, moderate comments, or change account settings in ways that affect the user's reputation or account state.
These are high-impact public and account-changing actions. The artifacts do not specify confirmation, preview, batch limits, or rollback requirements before posting, deleting, moderating, or changing account settings.
“批量发布” ... “删除笔记: 按 ID 批量清理笔记” ... “评论管理: 查看、回复、删除评论” ... “个人资料: 修改昵称、头像、简介、背景图”
Require explicit user confirmation for every publish, edit, delete, comment, blacklist, profile, or account-linking action; default to drafts/previews and document batch limits.
A Xiaohongshu credential or session could grant broad account access without the user knowing exactly what permissions are needed or how they will be used.
The skill says account authentication is required, while the registry metadata declares no primary credential, required environment variables, or config paths. For a skill that can mutate an account, credential source, scope, and handling are under-specified.
“本技能需要有效的小红书账号认证信息才能执行操作。请确保已配置好相关的认证凭据。”
Declare the credential mechanism and required scopes, use least-privilege access where possible, and document how credentials are supplied, stored, and protected.
The agent could access or act on private conversations and detailed engagement data without clear data-minimization boundaries.
Private messages and interaction details can contain sensitive user and third-party data. The artifacts do not define which messages/data may be read, what is exposed to the agent, or whether anything is retained.
“私信管理: 查看和回复私信” ... “互动详情: 评论、点赞、收藏的详细数据”
Ask for explicit approval before reading or replying to private messages, minimize retrieved data, redact sensitive content where possible, and state retention and sharing rules.
A user may believe real publishing or account management occurred, or may over-trust the skill's completeness.
The included script is a simulation, while SKILL.md describes complete Xiaohongshu management capabilities. This is not malicious by itself, but users should not assume the advertised real API behavior or safety controls are implemented.
“上传图片到小红书服务器(模拟)” ... “由于模拟演示,我们返回虚拟 URL”
Clearly label unsupported/mock behavior, remove unsupported capability claims, or provide reviewed real API implementation details.