小红书自动化 V2

基于Chrome DevTools Protocol，实现小红书认证登录、内容发布、搜索发现和社交互动的完整自动化操作。

What to consider before installing/running this skill: - The code largely matches the described automation capability (it controls Chrome via CDP, manages profiles under ~/.xhs, and implements publishing/search/commenting flows), but the README includes hidden unicode control characters — inspect SKILL.md with a hex viewer or a trusted editor to ensure no hidden instructions are present. - The package will write persistent data to your home directory (~/.xhs): saved profiles, cookies, images, and a run.lock. If you plan to test, do so in an isolated account or container and back up any data you care about. - The code reads environment variables (CHROME_BIN to locate Chrome, XHS_PROXY for proxying) even though the skill metadata lists none. Be aware of these runtime knobs and set them intentionally; an attacker could try to direct traffic via a proxy if you unknowingly export one. - It launches Chrome with --no-sandbox/--disable-setuid-sandbox to support root execution; running Chrome without sandboxing is less secure. Avoid running this on production hosts or on machines with sensitive data — prefer an isolated VM or disposable container. - The skill can run system utilities to find/kill processes and will spawn subprocesses (Chrome). That behavior is necessary for this automation but consider limits: it can terminate processes bound to the CDP port if they conflict. - Network activity: the tool will fetch images from arbitrary URLs and talk to Chrome's local debugging endpoint. Review any URLs you pass to it and monitor outbound connections if you run it. - Recommended actions before use: review the full source (especially any truncated/omitted files), remove or neutralize hidden control characters in SKILL.md, run in an isolated environment, and inspect or pin third-party dependencies from requirements.txt. If you plan to use real accounts, consider risks related to platform ToS and detection avoidance code (anti-detection/stealth) that may be ethically or legally problematic.

Type: OpenClaw Skill Name: xiaohongshu-v2 Version: 2.0.0 The skill bundle is a comprehensive Xiaohongshu automation suite using Chrome DevTools Protocol (CDP). It is classified as suspicious due to a potential JavaScript injection vulnerability in `scripts/xhs/comment.py` where the `user_id` parameter is unsafely interpolated into a browser-side `evaluate` call. Additionally, `scripts/chrome_launcher.py` launches Chrome with security-weakening flags such as `--no-sandbox` and `--disable-setuid-sandbox`. While these capabilities and the broad file/network access (e.g., in `scripts/image_downloader.py`) are aligned with the tool's stated purpose, they represent a significant attack surface and risky security practices.