Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xiaohongshu Public-Opinion Sentinel (小红书舆情哨兵)

v1.3.4

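A Xiaohongshu public-opinion monitoring skill for Chinese-speaking users. It fetches search results by keyword, detects login-wall, CAPTCHA and empty-result states, and outputs structured notes, popularity/risk/competitor signals and screenshots of the page as captured. Before use, configure XHS_COOKIE and a message delivery channel (such as Telegram or WeCom). Suitable for brand reputation monitoring, competitor observation, trend tracking and content research.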

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (XHS monitoring) matches the included script: it launches a headless browser, searches Xiaohongshu, extracts notes, creates simple signals and screenshots. The SKILL.md and code require an XHS_COOKIE and optional CHANNEL/TARGET_ID for pushing results — these are appropriate for the stated purpose. However the registry metadata lists no required env vars while the README and code clearly rely on XHS_COOKIE (and optionally CHANNEL/TARGET_ID), so the manifest is inconsistent with the runtime requirements.
Instruction Scope
SKILL.md explicitly instructs running scripts/monitor.js and documents that the skill will first read environment variable XHS_COOKIE and (if absent) search for an existing run_xhs_monitor.sh to extract an exported cookie. The code implements exactly that behavior. It only navigates to xiaohongshu.com and scrapes page contents, generates structured output and screenshots; instructions require Markdown links for notes and to attach screenshots. There is no hidden or out-of-scope file exfiltration beyond the documented cookie lookup.
Install Mechanism
This is an instruction-only skill with a bundled Node script. There is no install spec. The script depends on puppeteer-core and a Chromium/Chrome executable (it checks PUPPETEER_EXECUTABLE_PATH and common paths). Users must ensure the runtime has Node, puppeteer-core, and a browser binary; nothing is downloaded by the skill itself.
Credentials
The skill legitimately needs an XHS_COOKIE to reuse authenticated access and optionally CHANNEL/TARGET_ID to push notifications. The script also searches several filesystem locations (repo root and user home paths) for run_xhs_monitor.sh and will parse an exported XHS_COOKIE from those files — this can read user-managed helper scripts and thus surface cookies stored there. That behavior is documented in SKILL.md but the registry metadata not listing required env vars is a discrepancy. No evidence the script sends collected data to unknown remote endpoints (it navigates to xiaohongshu.com); however the messaging/push implementation is not visible in the truncated file and should be checked before enabling automated outbound delivery.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills or system-wide agent settings. It only reads environment variables and a small set of candidate files in the user's workspace/home to locate cookies, as documented.
Assessment
This skill appears to do what it says: run a headless browser, search Xiaohongshu, capture screenshots and extract simple signals. Before installing or running it:
(1) confirm you trust the source — the registry metadata omits required env vars but SKILL.md requires XHS_COOKIE and optional CHANNEL/TARGET_ID;
(2) avoid storing XHS_COOKIE or other secrets in generic helper scripts or public repos — the script will read run_xhs_monitor.sh in several locations;
(3) ensure you have Node, puppeteer-core and a Chrome/Chromium binary available;
(4) review the remainder of monitor.js (the file was partially shown) to verify whether it implements any outbound delivery (Telegram/WeCom) and how TARGET_ID is used;
(5) if you must protect credentials, run this in an isolated environment or supply cookies only via an env var set for the runtime.
If you want, I can scan the rest of monitor.js (the truncated tail) to confirm there are no unexpected network endpoints or data exfiltration paths.
