Just internal test skill
Warn
Audited by ClawScan on May 16, 2026.
Overview
This instruction-only skill is explicitly designed to automate a logged-in Xiaohongshu account with human-like likes, follows, collections, and comments, including scheduling and anti-detection behavior.
Install only if you knowingly want an agent to control a logged-in Xiaohongshu account for automated engagement. The main risk is not hidden malware in code, but the documented behavior: automated public actions, anti-detection techniques, scheduled multi-session use, and persistent local logs.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could like, save, follow, and post comments from the user's Xiaohongshu account, which can affect reputation, annoy other users, or trigger platform restrictions.
The skill directs browser tools to perform public account actions, including sending comments, not just read or assist.
Automatically performs four kinds of actions: like, collect, follow, comment ... find("评论输入框") → click to activate ... find("发送按钮") → click
Only allow this kind of automation with explicit per-action confirmation, especially for follows and comments; consider not installing if you do not want account actions performed automatically.
Once active, the agent acts with the same Xiaohongshu account privileges as the logged-in user.
The skill relies on the user's existing authenticated browser session rather than a narrowly scoped credential.
✅ Keep the user's logged-in Cookie/Session
Use a dedicated account if testing; do not run it in a browser session for an account you cannot risk, and require clear approval boundaries.
The skill may continue running interaction tasks on a schedule, potentially across multiple sessions or accounts, unless the user actively stops it.
The artifacts describe recurring scheduled automation with pre-checks and recovery behavior.
Scheduled execution: OpenClaw cron integration, pre-checks, startup jitter, failure recovery
Disable scheduled execution by default and require a visible opt-in, clear stop controls, and run summaries for every session.
Users may underestimate the platform-policy and account-risk implications because the skill presents detection avoidance as a normal safety feature.
The skill frames human-like evasion of platform detection as a core safety/risk-control feature.
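Anti-detection strategy (core risk-control layer) ... behavioral fingerprint disguise ... mouse trajectory | Bézier-curve movement ... typing rhythm | character interval 80-200ms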
Treat the anti-detection design as a major warning sign; avoid using it unless you fully accept the account and compliance risks.
Opening generated reports could execute third-party CDN JavaScript in the same page as the skill's local activity data.
The dashboard template loads remote JavaScript with only a broad major version and no integrity pinning, while reports embed account/activity data.
<script src="https://cdn.jsdelivr.net/npm/chart.js@4/dist/chart.umd.min.js"></script>
Bundle a pinned local Chart.js copy or use subresource integrity, and disclose any external network dependency in the skill metadata.
Interaction history and account activity details may remain on disk after use.
The skill stores persistent local logs and state for interactions, counters, targets, and errors.
append_to_log(f"data/nurture-log/{self.date}.jsonl", log_entry) ... write_json("data/nurture-state.json", { ... })
Review and periodically delete generated data files if you do not want local activity history retained.
