Back to skill
Skillv1.0.0
ClawScan security
Xiaohongshu Image Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 14, 2026, 3:01 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only Xiaohongshu image-generation skill that is internally consistent: it documents design rules and how to call the platform's Rendshot image/template APIs and requests no extra installs, binaries, or credentials.
- Guidance
- This skill appears coherent and low-risk as packaged, but before installing consider: 1) Verify your platform provides the listed runtime functions (generate_image, list_templates, create_template) and whether calls incur usage costs or require a separate API key managed by the platform. 2) Confirm how generated images, user-supplied photos, and template data are stored/retained by the backend (privacy/retention). 3) Review prompts and generated copy for sensitive, promotional, or copyrighted content before publishing to Xiaohongshu. 4) If you integrate with an external Rendshot service outside your control, review that service's reputation and access/credential requirements. If you need me to check for hidden network endpoints or credential usage, provide an install spec or code files for further review.
Review Dimensions
- Purpose & Capability
- okThe name/description match the instructions and reference files: the skill guides prompt and template-based image generation for Xiaohongshu using platform functions (list_templates, get_template, generate_image, create_template). It does not request unrelated services or credentials.
- Instruction Scope
- okSKILL.md confines runtime actions to gathering user/context info, selecting design patterns from local references, and calling the declared image/template generation functions. It does not instruct reading unrelated system files, environment variables, or exfiltrating data.
- Install Mechanism
- okNo install spec or code files are present; this is instruction-only, so nothing is written to disk or downloaded at install time.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The requirements are minimal and appropriate for an instruction-only design-and-generation skill.
- Persistence & Privilege
- okThe skill is not forced-always, and does not request elevated privileges or modifications to other skills. Normal autonomous invocation is allowed (platform default) but not unusual or excessive here.