← Back to Skills Marketplace
585
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install pigbun-rednote
Description
小红书AI运营工具,支持搜索、发布笔记,评论管理,社交互动及数据分析的一站式自动化解决方案。
Usage Guidance
This skill appears to do what it says (web automation for 小红书) but depends on a third‑party service (pigbunai.com) and an interactive QR login whose token storage/handling are unspecified. Before installing: 1) Verify pigbunai.com is trustworthy (company, privacy/terms, contact); 2) Ask the skill/vendor for source code or a clear description of what `openclaw rednote init` stores and where session tokens/API requests are sent; 3) Use a throwaway or test Xiaohongshu account when first trying it; 4) Limit the plugin to specific tasks and disable it when not needed; 5) Check OpenClaw plugin config storage and rotation/revocation options for the apiKey; 6) Avoid giving it high-value accounts (payment info, business accounts) until you confirm behavior; 7) If you need a higher assurance, request a signed/hosted implementation or audited code before use.
Capability Analysis
Type: OpenClaw Skill
Name: pigbun-rednote
Version: 0.8.1
The skill bundle is classified as suspicious due to its broad and powerful capabilities, which inherently carry significant risk, even without explicit malicious instructions in the provided documentation. It requires an external API key from `pigbunai.com`, necessitates running system commands (`npx playwright install chromium`) as a prerequisite, and involves handling user authentication (QR code login via `openclaw rednote init`) for full control over a Xiaohongshu account. While these actions are plausibly needed for the stated purpose of an 'AI operations tool,' the extensive permissions (publishing, editing, deleting content, social interaction, accessing analytics) create a large attack surface if the underlying, unseen code were malicious or compromised, potentially leading to account takeover, data exfiltration, or unauthorized content posting.
Capability Assessment
Purpose & Capability
The skill advertises Xiaohongshu (小红书) automation (search, publish, comment, analytics) and its instructions require an API key from pigbunai.com plus Playwright and a browser QR-login. Those dependencies are plausible for a web-automation/integration skill, but pigbunai.com is an intermediary service (not the official platform) and the SKILL.md provides no provenance or guarantees about what that third party does with requests or data.
Instruction Scope
Instructions are concrete (install Playwright, obtain API key, run `openclaw rednote init` to scan and login). They do not ask the agent to read unrelated system files or environment variables. However, they are vague about what `openclaw rednote init` does (where session tokens are stored, whether credentials or cookies are transmitted to pigbunai.com, retention policy), which matters because the skill will act on the user's account (publish/delete/comment).
Install Mechanism
This is an instruction-only skill with no install spec or code files — lowest install risk. It tells the user to run `npx playwright install chromium`, which is a normal requirement for browser automation and not itself suspicious. No downloads from unknown URLs or archive extraction are specified by the skill.
Credentials
The skill asks the user to supply an API key from pigbunai.com in the OpenClaw plugin config (not via environment variables). Requesting an API key for a third‑party service that proxies Xiaohongshu is proportionate for this functionality, but because the key grants remote control over operations (search, publish, comment) and the SKILL.md offers no details on the key's scope or what data pigbunai.com will see/store, this is a potential credential/exfiltration concern. The registry metadata shows no declared required env vars, so there is no explicit listing of where secrets are stored or protected.
Persistence & Privilege
always:false (normal). The skill requires an interactive QR login step which likely creates persistent session tokens allowing future automated actions; the skill does not describe how/session tokens are stored or how to revoke them. Autonomous invocation is allowed by default (not flagged by itself) — combined with stored session tokens and a third‑party API, this could permit ongoing actions on the user's account if not carefully managed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pigbun-rednote - After installation, invoke the skill by name or use
/pigbun-rednote - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.8.1
Version 0.8.1 of pigbun-rednote
- No file changes detected in this release.
- All features and documentation remain unchanged.
v0.8.0
PigBun RedNote 0.8.0
- 新增 OpenClaw 小红书 AI 运营工具,集搜索、发布、分析、互动于一体
- 内置 27 个自动化工具,覆盖内容创作、社交互动与数据分析
- 支持多种笔记发布方式(图文、视频、长文、纯文字)
- 提供评论管理、粉丝分析、热门话题发现与运营报告生成功能
- 指明所需 API Key 获取方式及初始配置说明
Metadata
Frequently Asked Questions
What is PigBun RedNote?
小红书AI运营工具,支持搜索、发布笔记,评论管理,社交互动及数据分析的一站式自动化解决方案。 It is an AI Agent Skill for Claude Code / OpenClaw, with 585 downloads so far.
How do I install PigBun RedNote?
Run "/install pigbun-rednote" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is PigBun RedNote free?
Yes, PigBun RedNote is completely free (open-source). You can download, install and use it at no cost.
Which platforms does PigBun RedNote support?
PigBun RedNote is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created PigBun RedNote?
It is built and maintained by PigBun-AI (@pigbun-ai); the current version is v0.8.1.
More Skills