Xhs Skills

This skill appears to do what it claims: it automates Xiaohongshu by driving your real browser and account via a local WebSocket bridge and a Chrome extension. Before installing or using it, consider the following: - Inspect the extension source (extension/*.js and manifest.json) before loading it into Chrome. Loading it grants the extension permissions to access site data on xiaohongshu domains, read cookies for that domain, capture screenshots, and use the Chrome debugger API. - The debugger permission and cookies access are required for uploading local files and interacting as your logged-in browser, but they are powerful: only install if you trust the repository and you understand the trade-offs. - The bridge server listens on localhost (ws://localhost:9333). Prefer keeping it bound to localhost and do not expose the port to external networks. Run it only when you intend to use the skill. - File uploads: the tool will accept absolute local file paths and can upload files from your disk; avoid using sensitive account(s) with high value or multiple critical accounts you cannot risk. - Rate limits and automation: follow the README guidance to avoid high-frequency actions which may trigger platform protections. If you want more assurance, you can: (1) run the code in an isolated environment, (2) audit extension messages to the bridge (e.g., run bridge_server.py with logging), or (3) use a throwaway/testing account instead of a primary account.