Xiaohongshu Auto-Publish Assistant (小红书自动发布助手)

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved and executed, the agent can post publicly from the user's Xiaohongshu creator account.

Why it was flagged

The skill can use browser automation to publish content to Xiaohongshu, which is a high-impact public action, although the workflow is disclosed and scoped to the stated purpose.

Skill content

browser → act → click publish button

Recommendation

Review the generated title, body, tags, and cover image carefully before approving publishing.

What this means

The agent can act through the logged-in Xiaohongshu session when publishing steps are approved.

Why it was flagged

The skill relies on an authenticated browser session for the user's Xiaohongshu account; this is expected for publishing but grants account-level authority in that browser context.

Skill content

OpenClaw browser tool — access to a browser with the user logged into 小红书 creator portal

Recommendation

Use a dedicated browser profile or sandbox session for the intended Xiaohongshu account, and do not approve publishing unless the account and content are correct.

What this means

Installing dependencies from untrusted sources could expose the local environment to supply-chain risk.

Why it was flagged

The skill documents package installation requirements despite having no formal install spec. This is common for an instruction-based skill, but users should install dependencies from trusted package sources.

Skill content

Python 3 with Pillow (`pip install Pillow` or `apt install python3-pil`)

Recommendation

Install Pillow and fonts using trusted system or Python package repositories, and avoid copying install commands from modified or untrusted versions of the skill.

What this means

Draft content may persist beyond the current interaction and could be referenced in later work.

Why it was flagged

The skill stores generated draft content in a persistent memory-style path, which is purpose-aligned but may retain planned marketing or personal content for later reuse.

Skill content

Save draft to `memory/xiaohongshu-draft.md`

Recommendation

Avoid putting sensitive or embargoed information in drafts unless you are comfortable with it being saved, and clear old drafts when no longer needed.

What this means

A scheduled workflow could repeatedly generate posting drafts or initiate the review process.

Why it was flagged

The skill describes optional scheduled use. It also says delivery should announce to the user's channel and elsewhere states never to auto-publish, so this appears disclosed and controlled rather than hidden persistence.

Skill content

This skill works with cron jobs for scheduled daily posting. Typical cron setup:

Recommendation

Configure cron jobs so they only draft or request approval, and do not allow scheduled runs to publish without explicit confirmation.