← Back to Skills Marketplace
185
Downloads
1
Stars
0
Active Installs
13
Versions
Install in OpenClaw
/install xhs-sentry
Description
面向中文用户的小红书舆情巡检技能。按关键词抓取搜索结果,判断登录墙/验证码/空结果状态,输出结构化笔记、热度/风险/竞品信号和现场截图。使用前需配置 XHS_COOKIE 与消息接收渠道(如 Telegram、企业微信)。适用于品牌口碑监控、竞品观察、热点追踪与内容研究。
Usage Guidance
This skill appears to do what it says: run a headless browser, search Xiaohongshu, capture screenshots and extract simple signals. Before installing or running it: (1) confirm you trust the source — the registry metadata omits required env vars but SKILL.md requires XHS_COOKIE and optional CHANNEL/TARGET_ID; (2) avoid storing XHS_COOKIE or other secrets in generic helper scripts or public repos — the script will read run_xhs_monitor.sh in several locations; (3) ensure you have Node, puppeteer-core and a Chrome/Chromium binary available; (4) review the remainder of monitor.js (the file was partially shown) to verify whether it implements any outbound delivery (Telegram/WeCom) and how TARGET_ID is used; (5) if you must protect credentials, run this in an isolated environment or supply cookies only via an env var set for the runtime. If you want, I can scan the rest of monitor.js (the truncated tail) to confirm there are no unexpected network endpoints or data exfiltration paths.
Capability Analysis
Type: OpenClaw Skill
Name: xhs-sentry
Version: 1.3.4
The skill exhibits suspicious behavior by searching the user's filesystem (including the home directory and OpenClaw workspace) for credentials stored in other scripts' files to extract the 'XHS_COOKIE' (scripts/monitor.js). It also utilizes prompt injection techniques by appending 'System Hints' to its console output, which are designed to override the AI agent's default behavior and force specific formatting (SKILL.md). While these actions are documented as features for user convenience and output consistency, the automated harvesting of secrets from unrelated files and the use of instruction-injection patterns are high-risk behaviors.
Capability Assessment
Purpose & Capability
Name/description (XHS monitoring) matches the included script: it launches a headless browser, searches Xiaohongshu, extracts notes, creates simple signals and screenshots. The SKILL.md and code require an XHS_COOKIE and optional CHANNEL/TARGET_ID for pushing results — these are appropriate for the stated purpose. However the registry metadata lists no required env vars while the README and code clearly rely on XHS_COOKIE (and optionally CHANNEL/TARGET_ID), so the manifest is inconsistent with the runtime requirements.
Instruction Scope
SKILL.md explicitly instructs running scripts/monitor.js and documents that the skill will first read environment variable XHS_COOKIE and (if absent) search for an existing run_xhs_monitor.sh to extract an exported cookie. The code implements exactly that behavior. It only navigates to xiaohongshu.com and scrapes page contents, generates structured output and screenshots; instructions require Markdown links for notes and to attach screenshots. There is no hidden or out-of-scope file exfiltration beyond the documented cookie lookup.
Install Mechanism
This is an instruction-only skill with a bundled Node script. There is no install spec. The script depends on puppeteer-core and a Chromium/Chrome executable (it checks PUPPETEER_EXECUTABLE_PATH and common paths). Users must ensure the runtime has Node, puppeteer-core, and a browser binary; nothing is downloaded by the skill itself.
Credentials
The skill legitimately needs an XHS_COOKIE to reuse authenticated access and optionally CHANNEL/TARGET_ID to push notifications. The script also searches several filesystem locations (repo root and user home paths) for run_xhs_monitor.sh and will parse an exported XHS_COOKIE from those files — this can read user-managed helper scripts and thus surface cookies stored there. That behavior is documented in SKILL.md but the registry metadata not listing required env vars is a discrepancy. No evidence the script sends collected data to unknown remote endpoints (it navigates to xiaohongshu.com); however the messaging/push implementation is not visible in the truncated file and should be checked before enabling automated outbound delivery.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills or system-wide agent settings. It only reads environment variables and a small set of candidate files in the user's workspace/home to locate cookies, as documented.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xhs-sentry - After installation, invoke the skill by name or use
/xhs-sentry - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.4
refactor: replace hardcoded paths with portable /root for better cross-system support
v1.3.3
fix: ensure display name is correct
v1.3.2
refactor: remove fixed persona and update docs
v1.3.1
Fix display name to Chinese
v1.3.0
Fix WeCom plain text issue, enforce markdown_link, suppress LLM chatter, and patch absolute /tmp paths
v1.2.6
优化结果质量:无风险时 top_risk 返回空数组,过滤空标题卡片,并新增更适合人工快速判断的摘要报告。
v1.2.5
在商店页摘要中明确:使用前除 Cookie 外,还需配置消息接收渠道(Telegram / 企业微信)。
v1.2.4
补回消息接收渠道配置说明,加入 Telegram 与企业微信示例,同时继续使用占位符避免泄露真实 ID。
v1.2.3
优化商店页摘要与首屏说明,突出中文用户场景、页面状态判断、结构化巡检与现场截图能力。
v1.2.2
中文化对外品牌与说明文案,保留已修复的登录态复用、结构化巡检、热度/风险信号分析能力。
v1.2.1
Fix auth regression: reuse existing XHS cookie login from env or legacy monitor scripts, restore authenticated crawling, and expose auth_mode in results.
v1.2.0
Upgrade from page probe to generic XHS sentiment monitor: add heuristic risk/hot/competitive signal analysis, structured analysis output, clearer operating states, and evidence-first reporting.
v1.1.0
Upgrade to generic XHS sentiment monitor: explicit login/captcha/no-result detection, stronger note extraction, diagnostics preview, and full-page evidence screenshots.
Metadata
Frequently Asked Questions
What is 小红书舆情哨兵?
面向中文用户的小红书舆情巡检技能。按关键词抓取搜索结果,判断登录墙/验证码/空结果状态,输出结构化笔记、热度/风险/竞品信号和现场截图。使用前需配置 XHS_COOKIE 与消息接收渠道(如 Telegram、企业微信)。适用于品牌口碑监控、竞品观察、热点追踪与内容研究。 It is an AI Agent Skill for Claude Code / OpenClaw, with 185 downloads so far.
How do I install 小红书舆情哨兵?
Run "/install xhs-sentry" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 小红书舆情哨兵 free?
Yes, 小红书舆情哨兵 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 小红书舆情哨兵 support?
小红书舆情哨兵 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 小红书舆情哨兵?
It is built and maintained by zhangjh (@zhangjh); the current version is v1.3.4.
More Skills