← Back to Skills Marketplace
ykabps1314

Rn Skills

by yb · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
263
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install rn-skills-tywx
Description
小红书爆款内容全自动创作助手,专注「时尚穿搭与新中式美学」赛道。 自动完成素材收集、选题筛选、文案生成、AI配图(通义万相)、本地归档的完整流程。 Use when: 用户说"创作小红书"、"收集素材"、"根据XXX创作",或需要批量生成小红书图文笔记。 NOT for: 其他平台(抖音/微博)的内容创作,也不用...
Usage Guidance
This skill appears to do what it says (generate Xiaohongshu copy + images), but review and fix a few issues before running it: - Metadata omission: The registry metadata does not list the required DASHSCOPE_API_KEY even though SKILL.md and the script need it. Treat that as a packaging error and assume the API key is required. Do not provide the key unless you trust the source. - Inspect generate_images.py carefully: it will try to read ~/.zshrc to find DASHSCOPE_API_KEY if the env var is missing; if you do not want scripts scanning your shell config, set the env var explicitly or remove that fallback behavior. - Hard-coded paths: The script writes to absolute paths (/Users/yk/...). Modify the script to use relative or configurable output directories so it doesn't place files in unexpected locations or overwrite your data. - Shell execution risks: The script builds curl commands with the API key and runs them via shell=True. Ensure the API key and prompts are sanitized and run this in a controlled environment (or replace with requests library calls) to avoid injection risks. - Minimal credential scope: DASHSCOPE_API_KEY is the only credential used; verify you obtain the key from your own Alibaba account and rotate/revoke it if you stop using the skill. - Run in isolation first: Execute the script in a disposable environment (container or throwaway VM) to confirm behavior and to avoid accidental writes to your home directory. If you want, I can produce a safer variant of generate_images.py that (1) reads the API key only from an explicit env var, (2) uses relative output paths (or an explicit --output argument), and (3) uses Python HTTP requests instead of shell curl to avoid shell injection.
Capability Analysis
Type: OpenClaw Skill Name: rn-skills-tywx Version: 1.0.1 The script `generate_images.py` contains high-risk patterns, specifically reading the user's `~/.zshrc` file to extract API keys and using `subprocess.run(shell=True)` to execute `curl` commands, which introduces a shell injection vulnerability. While these behaviors are likely intended for the stated purpose of image generation via the DashScope API (dashscope.aliyuncs.com), the intrusive credential retrieval and insecure execution methods are significant security flaws. Additionally, the script contains hardcoded absolute paths specific to the author's environment, indicating poor portability and potential for unexpected behavior.
Capability Assessment
Purpose & Capability
Overall the declared purpose (trend scouting, copywriting, and image generation via Alibaba Tongyi Wanxiang) aligns with the included files: keyword/title/image presets, history, and a Python script that calls the dashscope API. However metadata claims 'Required env vars: none' while both SKILL.md and generate_images.py require DASHSCOPE_API_KEY. The script also uses curl (via subprocess) but the skill metadata does not declare required binaries (curl) — an inconsistency that suggests sloppy packaging or missing declarations.
Instruction Scope
SKILL.md instructs only scoped actions (web search, generate copy, call Tongyi Wanxiang, save outputs). But the included generate_images.py reads the user's ~/.zshrc as a fallback to extract DASHSCOPE_API_KEY (this is not documented in SKILL.md), uses hard-coded absolute paths under /Users/yk/... for output, and runs shell commands (curl, cp) via subprocess.run(shell=True). The code therefore reads a local config file and writes to specific filesystem locations beyond the skill directory — behavior not described in SKILL.md and widening the runtime scope.
Install Mechanism
There is no install spec (instruction-only skill), which minimizes supply-chain risk. The only runtime artifact is generate_images.py which performs network calls to an official dashscope.aliyuncs.com endpoint and downloads image files. No archive downloads or third-party package installs are present in the manifest.
Credentials
The skill requires a single external credential (DASHSCOPE_API_KEY) to call the image API — that's proportionate to image generation. But the skill metadata fails to declare this required env var. Worse, the script will read ~/.zshrc to extract the key if the environment variable is not set, which means it reads a user config file to find secrets. This fallback access to shell config increases privacy risk and is not justified in the manifest or SKILL.md.
Persistence & Privilege
The skill is not always-on and does not request elevated platform privileges. It writes outputs and updates history.json in the project, which is expected for a content generator. The concerning part is that generate_images.py uses hard-coded absolute paths outside the project directory (e.g., /Users/yk/Documents/work/skills/...), which could overwrite or place files in unexpected locations on a user's machine if executed as-is.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install rn-skills-tywx
  3. After installation, invoke the skill by name or use /rn-skills-tywx
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- 新增 generate_images.py 文件,引入独立图片生成模块。 - 功能结构未变,核心流程保持一致。
v1.0.0
xiaohongshu-creator skill released! - 自动化生成小红书爆款时尚穿搭与新中式美学内容,涵盖素材收集、选题、文案、AI配图、本地归档全流程 - 支持用户按需触发(如「创作小红书」「收集素材」「根据XXX创作」等) - 高效并行爬取多平台热门信息,智能筛选优化赛道相关选题 - 文案与配图风格高度可定制,季节智能感知,并严格控制内容原创性与图片一致性 - 输出目录结构清晰,附带详细发布建议与API成本预测
Metadata
Slug rn-skills-tywx
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Rn Skills?

小红书爆款内容全自动创作助手,专注「时尚穿搭与新中式美学」赛道。 自动完成素材收集、选题筛选、文案生成、AI配图(通义万相)、本地归档的完整流程。 Use when: 用户说"创作小红书"、"收集素材"、"根据XXX创作",或需要批量生成小红书图文笔记。 NOT for: 其他平台(抖音/微博)的内容创作,也不用... It is an AI Agent Skill for Claude Code / OpenClaw, with 263 downloads so far.

How do I install Rn Skills?

Run "/install rn-skills-tywx" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Rn Skills free?

Yes, Rn Skills is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Rn Skills support?

Rn Skills is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Rn Skills?

It is built and maintained by yb (@ykabps1314); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments