小红书自动发布助手

The skill bundle is classified as suspicious due to a potential Local File Write (LFW) vulnerability in `scripts/gen_cover.py`. The script takes an `--output` argument and saves a generated image to the specified path. If the OpenClaw agent allows arbitrary user input for this argument without proper sanitization, an attacker could potentially overwrite or corrupt sensitive files on the system where the agent runs, assuming sufficient write permissions. There is no clear evidence of intentional malicious behavior such as data exfiltration, backdoors, or prompt injection designed to subvert the agent's security, but the LFW risk constitutes a significant vulnerability.