Openclaw封装Skill
Security checks across malware telemetry and agentic risk
Overview
This skill matches its stated crawler purpose, but it handles login cookies and QR codes with hardcoded Feishu settings and has a chat-message-to-shell command injection risk.
Do not install this as-is. Remove and rotate the exposed credentials/cookies, configure your own Feishu app and private chat destination, fix the shell command injection, and run it only in a sandboxed environment after confirming you accept the Xiaohongshu account and automation risks.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted search keyword could run arbitrary local commands as the OpenClaw process user.
The command includes the user-derived run-xhs keyword inside a shell string and then executes it with child_process.exec, rather than using a safe argv-based API.
const cmd = `"${this.pythonEnv}" "${this.pythonScript}" "${command}"`; ... exec(cmd, {
Replace exec with spawn or execFile using an argument array, strictly validate keywords, and avoid invoking a shell for user-supplied text.
Users may unknowingly use or expose a fixed Feishu app identity, and the credential can be copied or abused by anyone with the package.
The skill ships what appear to be real Feishu app credentials in source code, while metadata declares no credentials.
FEISHU_APP_ID = "cli_a924d921ce7a9cbd" FEISHU_APP_SECRET = "5QG92Lp8kvhAkgpPJTd57fIxshnCebEt"
Remove hardcoded secrets, rotate the exposed Feishu secret, declare required credentials, and require each installer to provide their own app credentials through protected configuration.
A bundled session cookie can expose or reuse an account session and creates confusion about whose Xiaohongshu account the crawler is using.
The package includes Xiaohongshu session-like cookie values directly in a file used by the crawler's cookie management flow.
web_session=040069b44f17e64a0b6ebc5e8f3b4baef6566a; id_token=VjEAAAwWZA/ooRud...
Remove cookie.txt from the package, invalidate the exposed session if real, and store user-specific cookies outside the skill package with restricted permissions.
The login flow for a user's Xiaohongshu account may be exposed to a group chat or the hardcoded default chat destination.
When cookies expire, the skill captures a login QR/screenshot and uploads it to a Feishu chat.
self.bot.send_text_to_chat(self.chat_id, "⚠️ 小红书 Cookie 已过期\n📱 请查看下方截图...扫码登录") ... self.bot.send_image_to_chat(self.chat_id, self.qr_code_path)
Send login QR codes only to an explicitly user-selected private destination, require confirmation before upload, and clearly declare the destination and credential flow.
Using this skill may violate service rules or trigger Xiaohongshu account/IP risk controls.
The documentation explicitly frames browser automation as a way to bypass API limits and anti-risk controls.
Browser-simulated search - bypasses API limits ... anti-risk-control mechanism already set up
Prefer official APIs or permitted access methods, document account-risk tradeoffs clearly, and require explicit user opt-in for automation that bypasses platform controls.
The installed dependency versions may change over time, which can affect security and reproducibility.
Setup requires installing Python packages and a Chromium browser runtime without pinned versions.
pip install playwright requests
playwright install chromium
Pin dependency versions and provide a reviewed lockfile or reproducible install instructions.
