Skill v0.1.0

ClawScan security

Xhs Login · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 7:35 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, requirements, and actions are coherent with its stated purpose (managing Xiaohongshu login via QR codes and cookie clearing); it requests no credentials, no installs, and only uses reasonable fallback file/display steps.
Guidance
This skill appears internally consistent for QR-based Xiaohongshu login. Before installing, verify you trust the platform connector (MCP) that will actually perform the check/login operations, since the skill delegates to it. Pay attention to the delete_cookies step — it will clear the current session and should only be run after explicit confirmation. If the client falls back to saving the QR to /tmp, be aware the file can be accessible on shared machines; consider using a secure temporary directory or deleting the file after use. Finally, confirm your client/environment can render images or open the saved PNG, otherwise you'll need to open the file manually on your device.

Review Dimensions

Purpose & Capability
ok: The name/description match the runtime instructions: checking login status, returning a QR code for scanning, and optionally deleting cookies to switch accounts. The skill does not request unrelated environment variables, binaries, or config paths.
Instruction Scope
note: The SKILL.md only calls three MCP operations (check_login_status, get_login_qrcode, delete_cookies) which align with the purpose. It includes a fallback that writes Base64 image data to /tmp/xhs-qrcode.png and runs platform-specific open commands (open / xdg-open). Writing a temporary file and spawning a viewer process is expected behavior for displaying a QR code, but this does require filesystem and process execution privileges and the fallback file may be world-readable on shared systems. The SKILL.md explicitly requires user confirmation before delete_cookies, which is appropriate.
Install Mechanism
ok: No install spec or code files are provided (instruction-only), so nothing will be downloaded or written beyond ephemeral runtime artifacts. This is the lowest-risk install profile.
Credentials
ok: The skill declares no required environment variables, credentials, or config paths. The operations described (QR generation, status check, cookie deletion) do not appear to need additional secrets from the agent. Note: the SKILL.md relies on an external 'MCP' tool/connector — that tool may itself require credentials or network access, but those are not requested by this skill.
Persistence & Privilege
ok: The skill is user-invocable (not always: true) and does not request persistent presence or modify other skills or global agent settings. It does not attempt to store its own tokens or alter system-wide configuration.