Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (Xiaohongshu post with text+image) matches the SKILL.md: step-by-step UI actions for creating a '文字配图' post. The README's references to sub‑agents and browser-driven operation are consistent with a human-assisted workflow and do not request unexpected binaries or API keys.
Instruction Scope
Runtime instructions only describe UI interactions (click buttons, paste copy, generate images, take screenshots, ask user to confirm). They do not instruct the agent to read arbitrary files, access environment variables, or send data to third‑party endpoints. Note: the skill requires taking and sharing screenshots for user confirmation — avoid including sensitive account/session information in those images.
Install Mechanism
There is no install spec and no code files (instruction-only), so nothing is downloaded or written to disk. This is the lowest-risk install model.
Credentials
The skill does not declare required env vars or credentials, but README and preconditions mention a 小红书 creator account and optional Feishu spreadsheet and sub‑agent configuration. This is operational (human) requirement rather than programmatic credentials; however, users should be aware that account access is needed to actually post and that any additional sub‑agents or integrations (e.g., Feishu) would require their own permissions.
Persistence & Privilege
always:false and no installation actions are requested. The skill does not persist credentials or modify system/agent settings.
Assessment
This is a manual posting checklist for Xiaohongshu and appears coherent and low-risk: it doesn't install code or request API keys. Before using it, confirm you are comfortable granting any human operators or sub‑agents access to your Xiaohongshu account or Feishu sheets; never share passwords or session tokens. When taking screenshots for user confirmation, ensure they don't expose sensitive information (e.g., account settings, saved passwords, or unrelated private data). If you plan to automate steps later, require explicit, minimal credentials and audit any automation code or install scripts first.Like a lobster shell, security has layers — review code before you run it.
latestvk97czrgf9ycj83nvtehrnwt8qh83kz8h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.