Back to skill
Skillv1.0.0
ClawScan security
xhs-content · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 14, 2026, 1:19 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions match its stated purpose (generating Xiaohongshu-style Chinese social posts) and contain no unexplained requests for credentials, installs, or external endpoints.
- Guidance
- This skill appears coherent and limited to generating Xiaohongshu-style content. Before installing, consider: (1) avoid pasting sensitive or proprietary text into prompts (the skill will process whatever you supply); (2) review outputs for accidental plagiarism or policy compliance if you ask it to rewrite a specific hot post; (3) since it's instruction-only, it relies on the host model—check model usage and privacy settings on your platform. No other red flags were found.
Review Dimensions
- Purpose & Capability
- okName, description, and included files (SKILL.md, references) all describe Chinese Xiaohongshu post generation; there are no unrelated required binaries, env vars, or config paths.
- Instruction Scope
- okSKILL.md provides explicit templates and guidance for generating titles, body text, tags, and image suggestions. It does not instruct reading unrelated system files, accessing hidden endpoints, or exfiltrating data. It explicitly instructs to avoid verbatim copying when mirroring hot posts.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files to write or execute; lowest install risk.
- Credentials
- okNo environment variables, credentials, or external service tokens are requested; requested scope is proportional to a text-generation skill.
- Persistence & Privilege
- okalways:false (default) and model invocation enabled (normal for skills). The skill does not request persistent system-wide privileges or modify other skills' configs.