v1.0.1

Social Push Semi

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:22 AM.

Analysis

This skill mostly matches a semi-automatic Xiaohongshu publishing workflow, but it bundles logged-in browser automation and broader publish/comment/account-data capabilities that should be reviewed before installation.

Guidance: Install only if you are comfortable giving the skill access to a dedicated logged-in Xiaohongshu browser profile. Use the documented preview-fill commands, do not invoke the bundled publish/click-publish/comment commands unless you intentionally want public actions, review all generated content manually, and pin or review dependencies before setup.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
vendor/xhs/scripts/cdp_publish.py
python cdp_publish.py ... publish --title "标题" ...
python cdp_publish.py ... click-publish ...
python cdp_publish.py ... post-comment-to-feed --feed-id FEED_ID ...

The stated skill workflow is semi-automatic, but the included CDP publisher documents direct publish, final-click, and comment-posting commands that could bypass the manual-publish guardrail if invoked.

User impact: A wrong or overbroad invocation could publish content or comments publicly from the user’s Xiaohongshu account.
Recommendation: Expose only the preview-fill wrappers for this skill, remove or disable direct publish/comment commands, and require an explicit final approval step for any public posting action.

Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
vendor/xhs/requirements.txt
requests>=2.28.0
websockets>=12.0

The setup installs dependencies with lower-bound version ranges rather than pinned versions or hashes, allowing future package changes.

User impact: Future dependency releases could change behavior or introduce vulnerabilities in the local automation environment.
Recommendation: Pin dependency versions, preferably with hashes or a lockfile, and publish a clear install specification.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
vendor/xhs/scripts/account_manager.py
Manages multiple Xiaohongshu accounts with separate Chrome profiles:
- Each account has its own user-data-dir for cookie isolation
- Accounts are stored in a JSON config file

The package persists and reuses authenticated browser profiles for Xiaohongshu accounts, which is high-impact account/session authority.

User impact: Using the skill can let automation act through a logged-in Xiaohongshu profile, so mistakes or unintended commands could affect the selected account.
Recommendation: Use a dedicated Xiaohongshu profile or test account, keep CDP bound to localhost, document the profile/config paths, and require explicit user confirmation for account actions.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Concern.
vendor/xhs/scripts/cdp_publish.py
python cdp_publish.py ... get-notification-mentions [--wait-seconds 18]
python cdp_publish.py ... content-data [--page-num 1] [--page-size 10] [--type 0]

The bundled tool documents reading logged-in account notifications and creator/content analytics, which goes beyond preparing and preview-filling a publish package.

User impact: Private account activity, mentions, or creator metrics could be accessed by the local automation if those commands are used.
Recommendation: Remove these account-data commands from the skill bundle or clearly disclose them and gate them behind explicit user requests.

Identity and Privilege Abuse
Severity: Low. Confidence: High. Status: Note.
scripts/topic_auto_api.sh
BASE_URL="https://ark.cn-beijing.volces.com/api/v3"
MODEL="doubao-seedream-5-0-260128"
API_KEY_ENV="DOUBAO_API_KEY"

The topic-to-image workflow uses an external Doubao-compatible API and an API key environment variable, which is expected for this feature but not declared in the registry requirements.

User impact: The topic, audience, image description, and API credential are used for an external image-generation request.
Recommendation: Declare DOUBAO_API_KEY in metadata, avoid sensitive prompt content, and do not override the base URL to an untrusted endpoint.