Uses a powerful model to generate Xiaohongshu image-and-text notes with one click, supporting brand exposure and conversion. Intended for cases where the user asks to "generate a Xiaohongshu note / Xiaohongshu copy / note", producing the result automatically through the API rather than writing it by hand.

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is coherent for generating Xiaohongshu notes, but users should know their prompt is sent to an external XiaoNian API.

This appears safe for its stated purpose. Before installing, be comfortable that your Xiaohongshu note request will be sent to xiaonian.cc, and avoid putting private business or personal information into prompts unless that is acceptable.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation (Info)
What this means

If the agent assembles the command by interpolating the prompt into a shell string, unusual characters in the prompt (shell metacharacters or option-like text) could be interpreted as shell syntax or extra arguments rather than as the task description.

Why it was flagged

The skill instructs the agent to pass user-provided text into a local command. This is expected for the skill, but the argument should be handled as data rather than shell-interpolated text.

Skill content
task_description: the user’s requirement (keep it verbatim...) ... python3 ... --task-description "<task_description>"
Recommendation

Use safe argument passing or proper shell escaping when invoking the script; do not let user text become additional command options or shell syntax.

ASI07: Insecure Inter-Agent Communication (Low)
What this means

Any brand details, campaign plans, or other information included in the prompt may be processed by the external service.

Why it was flagged

The script sends the user's task description and generation settings to the external xiaonian.cc API.

Skill content
url = f"{base}/content/quick-note/generate" ... "task_description": args.task_description
Recommendation

Avoid including confidential or regulated information unless you are comfortable with this third-party API handling it.