Downloads: 1218
Stars: 3
Active Installs: 6
Versions: 2
Install in OpenClaw
/install openclaw-xhs
Description
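Xiaohongshu automation: use the exec tool to run scripts that log in, publish, scrape trending topics, and generate AI image-and-text posts. All operations must be performed by running uv run commands through the exec tool; do not use the browser tool.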
Usage Guidance
This skill appears to be a coherent Xiaohongshu automation toolkit, but it performs sensitive, persistent actions: it will copy code into ~/.openclaw, install Python dependencies, modify your openclaw.json, create a Chrome profile and store site cookies (which allow posting as your account), and can run an automated 'auto' publish pipeline. Additional cautions:
- Review code before running the installer: inspect scripts under xhs-toolkit/src, especially server/auth modules (smart_auth_server.py, mcp_server.py, cookie_manager.py) for any unexpected network endpoints or server behavior.
- Do not paste real credentials (IMAGE_API_KEY, OPENCLAW_GATEWAY_TOKEN) until you trust the repository; consider using limited-scope API keys or test accounts.
- Back up ~/.openclaw/openclaw.json before the installer modifies it, and inspect what values the installer writes.
- The SKILL.md contains an instruction forbidding use of the browser tool and the file has unicode-control-chars — this is a prompt-injection pattern. Prefer to run the toolkit in an isolated environment (VM or container) first and step through installer actions manually.
- Because the skill can auto-publish, avoid enabling or triggering the 'auto' mode until you have tested the pipeline in preview/dry-run mode and validated that saved cookies and publishing behavior are correct.
If you want to proceed safely: clone the repo locally, inspect the files indicated above, run installer steps manually (copy files, run uv sync) while watching what gets written to disk, and consider limiting network access for the skill during initial tests.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-xhs
Version: 1.0.1
The skill is classified as suspicious due to its extensive use of web automation (Selenium) with full browser control, including persistent profiles, and the capability to download files from arbitrary URLs. While these features are aligned with the stated purpose of Xiaohongshu automation (login, content generation, publishing, data scraping), they introduce inherent risks. Specifically, `scripts/xhs_trending.py` and `scripts/xhs_auth.py` (and the underlying `xhs-toolkit/src/core/browser.py`) launch Chrome, potentially in a non-headless mode for login, and interact with web pages. The `scripts/xhs_generate_content.py` leverages `src/utils/image_processor.py` to download images from user-provided or AI-generated URLs, which could be abused for large file downloads or to introduce malicious content if the image processing library had vulnerabilities. The installer also modifies `~/.openclaw/openclaw.json`, a sensitive configuration file, which, while intended, is a high-privilege action. No direct evidence of intentional malice (e.g., exfiltration of unrelated sensitive data, backdoor installation) was found, and the `SKILL.md` instructions do not contain prompt injection attempts.
Capability Assessment
Purpose & Capability
Name/description, required binary (uv), and required env vars (XHS_TOOLKIT_DIR, IMAGE_API_KEY, IMAGE_BASE_URL, IMAGE_MODEL) align with an automation toolkit that generates images and publishes posts. Requiring Chrome and local cookie storage is coherent for a web-automation/publishing tool. The only mildly odd item is marking a directory path (XHS_TOOLKIT_DIR) as the primaryEnv, but this is explainable because the skill invokes a local project.
Instruction Scope
SKILL.md explicitly instructs the agent to run local scripts via exec (uv run) and to not use the browser tool — this is a directive that changes tool selection (a prompt-injection pattern). The shipped scripts open Chrome (Selenium), load/save cookies, modify user config (~/.openclaw/openclaw.json), and can automatically publish content. Those actions are within the claimed purpose but are sensitive: cookies and Chrome profile are read/written, and scripts call a local OpenClaw gateway and external image-generation APIs. The SKILL.md also references optional tokens (OPENCLAW_GATEWAY_TOKEN) and data directories not listed as required envs, and a pre-scan found unicode-control-chars inside SKILL.md (possible attempt to influence processing).
Install Mechanism
Installer is a repository-provided install.sh which copies files into ~/.openclaw/skills/xhs, installs Python deps via uv, and injects entries into the user's openclaw.json. The declared brew formula (uv) is reasonable. The install writes files to the user's home and updates config — expected for this type of skill, but it's persistent and should be inspected before running. No third-party arbitrary binary download URLs were noted in the metadata, but the installer will run uv sync and uv pip which pull dependencies from package indexes.
Credentials
Requested env vars (toolkit dir and image-generation API info) are appropriate for generating images and running the local toolkit. However, the skill will create and read a cookies file (~/.openclaw/credentials/xhs_cookies.json) and writes image API keys and gateway token to openclaw.json during install — both are sensitive credentials. The optional OPENCLAW_GATEWAY_TOKEN (used for local gateway calls) is not strictly required but the scripts will attempt to talk to http://127.0.0.1:18789 and will include a token if present.
Persistence & Privilege
always:false (good). The installer and runtime create persistent files (skill files under ~/.openclaw, Chrome profile directory, cookies file, and edits openclaw.json). Autonomous invocation (disable-model-invocation:false) is allowed by default; combined with the skill's ability to publish posts and run a pipeline that can operate in 'auto' mode, this increases blast radius if the skill is misused. The skill does not declare it will modify other skills' configuration beyond adding its own entry, which matches the installer behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install openclaw-xhs
- After installation, invoke the skill by name or use /openclaw-xhs
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix VirusTotal flags: remove inline heredoc, no-sandbox, hardcoded user-agent
v1.0.0
Initial release: trending, AI content generation with configurable image API, auto-publishing
Frequently Asked Questions
What is Xiaohongshu Automation (小红书自动化)?
Xiaohongshu automation: use the exec tool to run scripts that log in, publish, scrape trending topics, and generate AI image-and-text posts. All operations must be performed by running uv run commands through the exec tool; do not use the browser tool. It is an AI Agent Skill for Claude Code / OpenClaw, with 1218 downloads so far.
How do I install Xiaohongshu Automation?
Run "/install openclaw-xhs" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Xiaohongshu Automation free?
Yes, Xiaohongshu Automation is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Xiaohongshu Automation support?
Xiaohongshu Automation is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Xiaohongshu Automation?
It is built and maintained by Pearl (@pearl799); the current version is v1.0.1.