AI全链路科技资讯工厂
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could post AI-generated content to the user's public social or official accounts, affecting reputation or compliance if the content is inaccurate or unwanted.
The workflow directs the agent to publish multiple public posts/articles, but the artifacts do not define a mandatory draft, preview, or user approval step before publication.
用 xiaohongshutools 发布小红书笔记(3条:热点、应用、深度各1条) ... 发布到公众号
Add an explicit review-and-confirmation gate before every publish action, default to saving drafts, and require separate user approval for Xiaohongshu and WeChat publication.
If configured, the agent may act through the user's logged-in social accounts, including publishing content under that identity.
The skill expects access to platform session cookies and official-account authorization, while the supplied metadata declares no primary credential or required environment variables.
确保已配置 cookies 和 session(参考 SKILL.md) ... 确认公众号授权状态
Declare required credentials clearly, document where sessions are stored, limit them to posting-only scopes where possible, and warn users before using account sessions.
The safety of the overall workflow depends on other installed skills that may have broader account or file access than this package discloses.
The workflow depends on local, unreviewed skills for high-impact functions such as social posting; their code and provenance are not included in the artifact set.
"source": "local", "path": "/root/.openclaw/workspace/skills/xiaohongshutools"
Review and pin the dependent skills, especially publishing tools, before enabling the workflow or scheduling it.
If the user installs the cron job, the agent may continue generating and publishing content on a schedule without the user being present.
The cron command is a disclosed, user-directed setup example, but it would persistently trigger the full publishing workflow every day.
配合 OpenClaw cron 实现每日自动执行 ... cron add --name "AI科技资讯工厂"
Use cron only after adding publish confirmations, draft mode, monitoring, and an easy disable path.