Skill v0.1.0

ClawScan security

Openclaw Xiaohongshu Ops · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 7:28 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files and instructions generally match a Xiaohongshu content workflow, but there are coherence issues (undeclared required environment variables and invocation of a local toolkit outside the package) that you should understand before installing.
Guidance
This package is largely what it says: a review-first Xiaohongshu content workflow with helper scripts. Before installing, note these practical issues and checks:
1) The metadata does not list required env vars, but the code requires XHS_TOOLKIT_ROOT (and the README mentions XHS_REVIEW_OPEN_ID). Set and verify these before use; publish_approved_note.py raises if XHS_TOOLKIT_ROOT is unset.
2) publish_approved_note.py calls a local xhs_toolkit.py via subprocess and can perform a live publish when run with --allow-live and an exact --confirm-title. That toolkit is not part of this package, so it is not covered by this scan; review its code and understand its credentials and UI automation before allowing live runs.
3) The scripts write to .openclaw/pending-xhs/ and memory/ in your workspace and create a temporary Chrome user-data directory for publish runs. Make sure you are comfortable with those locations and have backups.
4) If you need the skill to declare its requirements, ask the author to add XHS_TOOLKIT_ROOT and XHS_REVIEW_OPEN_ID to the skill manifest so the platform can surface warnings and enforce least privilege.
5) If you want lower risk, run the scripts manually in a controlled environment (inspect xhs_toolkit.py first) rather than enabling autonomous invocation.

Review Dimensions

Purpose & Capability
[note] The name/description (Xiaohongshu content ops with a review-first workflow) matches the included docs and scripts: research, draft, preview, save packages, write memory, and a publish helper that invokes a local xhs_toolkit. However, the skill package does not declare any environment variables even though the README and scripts require XHS_TOOLKIT_ROOT (and the README references XHS_REVIEW_OPEN_ID). This omission is an inconsistency between declared requirements and actual needs.
Instruction Scope
[note] SKILL.md and the workspace docs instruct the agent to read many local template files and use the bundled scripts. The runtime scripts read and write local files (.openclaw/pending-xhs/, memory/), call a local toolkit (xhs_toolkit.py) via subprocess, and set a temporary Chrome user-data dir for publishing. These actions are coherent with the stated publish-assist purpose, but the instructions assume a pre-existing local Xiaohongshu toolkit and specific environment variables (not listed in the skill metadata).
Install Mechanism
[ok] There is no network install spec and no downloads; the skill is instruction-heavy and ships Python scripts and docs. That reduces remote-install risk. The included scripts will be present on disk as part of the skill package, and nothing in the manifest fetches remote code. Note, though, that the publish helper executes xhs_toolkit.py from outside the package at runtime, so the code that actually runs during a publish is not fully contained in the artifact reviewed here.
Credentials
[concern] The skill metadata declares no required env vars, yet the scripts explicitly require XHS_TOOLKIT_ROOT (publish_approved_note.py raises if it is not set) and the README/TOOLS.md reference XHS_REVIEW_OPEN_ID. These environment variables are appropriate for a local publish workflow, but their omission from the declared requirements is a coherence problem: a user could install or run the skill without realizing these variables are mandatory. No unrelated cloud credentials or broad secrets are requested, which is good.
Persistence & Privilege
[ok] The skill is not marked always:true and does not request elevated platform privileges. It writes files to local workspace subpaths (.openclaw/pending-xhs, memory/) and creates a temporary Chrome profile dir when publishing; those are reasonable for a content workflow and are scoped to the user's workspace/environment. Since a Chrome user-data directory holds whatever logged-in session state the publish run produces, check whether the scripts remove it afterwards or whether you need to do so yourself.
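Guidance item 1 and the Credentials dimension both come down to the same check: do the environment variables the scripts actually read match what the manifest declares, and is XHS_TOOLKIT_ROOT usable before the publish helper is allowed to run? The following is an added example of how to automate that check; it is not code from the skill or from ClawHub. The manifest layout ({"env": [...]}) and the sample script it scans are assumptions constructed for the demonstration, not the skill's real files.

```python
"""Check that the env vars a skill's scripts read are declared in its manifest.

Added example; not code from the skill or from ClawHub. The manifest layout
({"env": [...]}) and SAMPLE_SCRIPT below are assumptions made for the demo.
"""
import ast
import json
import os

# Constructed stand-in for a publish helper: NOT the skill's real
# publish_approved_note.py, just a script with the access patterns the
# scanner described (hard requirement on XHS_TOOLKIT_ROOT, optional lookups).
SAMPLE_SCRIPT = '''
import os, subprocess, sys
root = os.environ["XHS_TOOLKIT_ROOT"]            # required: KeyError if unset
open_id = os.environ.get("XHS_REVIEW_OPEN_ID")   # optional
chrome_dir = os.getenv("CHROME_USER_DATA_DIR", "/tmp/xhs-profile")
subprocess.run([sys.executable, os.path.join(root, "xhs_toolkit.py")])
'''

# Constructed manifest that declares nothing, matching the scanner finding.
SAMPLE_MANIFEST = '{"name": "xiaohongshu-ops", "version": "0.1.0", "env": []}'


def _is_os_environ(node):
    """True for the expression `os.environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def _str_const(node):
    """Return the literal string inside a Constant node, else None."""
    if type(node).__name__ == "Index":      # Python 3.8 wraps subscript keys
        node = node.value
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def env_refs(source):
    """Map env var name -> 'required' or 'optional' for one Python source.

    os.environ["X"] (read)          -> required (raises when unset)
    os.environ.get("X"), os.getenv  -> optional
    Non-literal keys are ignored, so the result is best-effort, not complete.
    """
    refs = {}
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Subscript) and _is_os_environ(node.value)
                and isinstance(node.ctx, ast.Load)):
            name = _str_const(node.slice)
            if name:
                refs[name] = "required"          # a hard read always wins
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            f = node.func
            is_get = f.attr == "get" and _is_os_environ(f.value)
            is_getenv = (f.attr == "getenv" and isinstance(f.value, ast.Name)
                         and f.value.id == "os")
            if (is_get or is_getenv) and node.args:
                name = _str_const(node.args[0])
                if name:
                    refs.setdefault(name, "optional")
    return refs


def undeclared(refs, manifest_json):
    """Env vars the code reads that the manifest does not declare."""
    declared = set(json.loads(manifest_json).get("env", []))
    return {n: kind for n, kind in refs.items() if n not in declared}


def preflight(environ, toolkit_var="XHS_TOOLKIT_ROOT", toolkit_file="xhs_toolkit.py"):
    """Runtime check before enabling publish runs: the root var is set and the
    toolkit script it must point at exists. Returns a problem string or None."""
    root = environ.get(toolkit_var)
    if not root:
        return f"{toolkit_var} is not set"
    path = os.path.join(root, toolkit_file)
    if not os.path.isfile(path):
        return f"{path} not found; refusing to enable publish runs"
    return None


if __name__ == "__main__":
    refs = env_refs(SAMPLE_SCRIPT)
    for name, kind in sorted(undeclared(refs, SAMPLE_MANIFEST).items()):
        print(f"undeclared {kind} env var: {name}")
    print(preflight(os.environ) or "preflight ok")
```

Run it against the real scripts by reading each .py file in the skill package into env_refs and merging the results; a "required" entry that the manifest does not declare is exactly the coherence problem the scanner flagged. The preflight step is deliberately separate: passing it means the toolkit file exists, not that its contents have been reviewed, which is still a manual step before --allow-live is ever used.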