leeguooooo

Xhs Skill

by 郭立lee · GitHub ↗ · v1.0.15
cross-platform ⚠ suspicious
Downloads 2718
Stars 4
Active Installs 16
Versions 16
Install in OpenClaw
/install xhs-skill
Description
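Single-entry skill for Xiaohongshu (Creator Center): log in to obtain cookies, publish notes, and export data (browser interaction is delegated to agent-browser-stealth).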
Usage Guidance
This skill appears to do what it says: local helpers plus enforcement scripts around Xiaohongshu login, cookie export/normalization, payload verification and review. Before installing:
  1. Review and run the included scripts locally to confirm behavior: they read/write files under data/ and config/, and will export cookies (these cookies can grant account access if mishandled).
  2. If you enable the review script's AI features, ensure you understand which API key will be used (OpenAI keys are not declared in registry); only provide credentials you trust.
  3. The SKILL.md enforces a strict response/output format (scanner flagged this as a potential prompt-override); this is probably harmless formatting guidance but be cautious about workflows that require pasting sensitive tokens into chat.
  4. 'npm i' pulls only image/QR-related packages; if you prefer, inspect package.json and node_modules before running.
If you need higher assurance, ask the author for a signed source/homepage or for explicit confirmation about whether any network calls (beyond optional AI calls) are performed by the scripts.
Capability Analysis
Type: OpenClaw Skill
Name: xhs-skill
Version: 1.0.15

The skill is classified as suspicious primarily due to the `scripts/review_publish_payload.mjs` script making external API calls to OpenAI (or a configurable `OPENAI_BASE_URL`) for content moderation. This involves sending user-generated content (title, body, tags, and potentially base64-encoded images) to a third-party service. While the stated purpose is benign (content review and anti-AI measures), this capability represents a significant data privacy concern and a potential data exfiltration vector if the API key or the external service were compromised, or if the skill's true intent were malicious.

Additionally, the `SKILL.md` instructs the AI agent to execute various shell commands (`node`, `agent-browser-stealth`, `sips`), which introduces a vulnerability risk if the agent's command execution mechanism does not robustly sanitize all user-provided inputs before execution, potentially leading to shell injection.
Capability Assessment
Purpose & Capability
Name/description match the code and instructions: scripts and CLI focus on QR decoding, cookie normalization, login verification, publish payload verification, and content review. All files relate to Xiaohongshu workflows and no unrelated cloud or system credentials are requested.
Instruction Scope
The SKILL.md instructs the agent to delegate all browser interactions to agent-browser-stealth and to read/write artifacts under a local data/ directory (cookies, screenshots, exports). It also enforces strict output formatting (e.g., must run the CLI to decode QR and paste QR text + ASCII) and requires running local verification/audit scripts before publishing. This is expected for the skill's purpose, but the SKILL.md contains rigid '回传规范' (return/output rules) that were flagged as a potential system-prompt-override pattern — likely an instruction-level constraint rather than an actual prompt-injection exploit, but you should be aware it attempts to control agent output formatting.
Install Mechanism
There is no registry install spec in the metadata, but SKILL.md instructs users to run 'npm i' locally. package.json dependencies (jsqr, pngjs, qrcode-terminal) are reasonable and limited to QR/cookie/image utilities. No downloads from arbitrary URLs or extract-from-remote steps were found.
Credentials
The registry declares no required env vars or credentials, which matches most usage. Configuration includes an AI provider section (base_url set to api.openai.com) and the review script accepts an ai-provider option — AI calls appear optional and can be disabled via flags. If you enable AI features, an API key (not declared) would be needed; otherwise operation should be local. No unrelated secrets or cloud credentials are requested.
Persistence & Privilege
The skill is not always-on, is user-invocable, and does not request persistent system-wide privileges or modify other skills. It reads/writes only local files under data/ and project config; no elevated privileges or always:true settings were requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install xhs-skill
  3. After installation, invoke the skill by name or use /xhs-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.15
docs: improve publish-route locating and post-publish read-back stability
v1.0.14
docs: add a quick pre-release self-check checklist
v1.0.13
**Summary:** Deprecates in-repo automation for note publishing; all publishing browser automation must now be executed by `agent-browser-stealth` in interactive sessions.
- Removed in-repository publishing script (`scripts/publish_from_payload.mjs`)
- Updated documentation to prohibit maintaining browser publishing automation within this repository
- Clarified all publishing actions must be manually or interactively controlled via `agent-browser-stealth`
- Documentation and workflow guidance updated accordingly, reflecting stricter separation of concerns
v1.0.12
Add tiered review gates and risk_path/review_queue output
v1.0.11
Strengthen source-evidence and real-topic gates; tighten anti-AI checks
v1.0.10
Add an anti-AI copy gate and real tag-pool validation; require real-topic confirmation before publishing
v1.0.9
Switch entirely to agent-browser-stealth, disable agent-browser, and add an anti-ban publishing strategy and rate gates
v1.0.8
Fix one-click publish upload: prefer selecting input[type=file]
v1.0.7
Fix one-click publish: support the new structure of agent-browser snapshot refs
v1.0.6
Add a one-click publish command and a no-links gate; relax login acceptance checks
v1.0.5
Codify the publish reliability checklist: gates, 3:4 image-ratio validation, and a post-publish read-back loop
v1.0.4
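Strengthen the trending-topic publishing gate: forbid posting screenshots directly; enforce source validation for title, body, and tags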
v1.0.3
Unify trigger metadata and login acceptance criteria: add openai.yaml, a login verification script, and a result contract
v1.0.2
Strengthen hard checks for login and publishing: web_session required, serialized sessions, ref re-capture, ProseMirror and title-length validation
v1.0.1
Fix the login flow: the QR code must be returned as text and ASCII; returning only a file path is forbidden
v1.0.0
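xhs-skill v1.0.0
- Initial release: consolidates Xiaohongshu (Creator Center) login, publishing, and data-export capabilities into a single entry point; install once to use all features.
- All browser interactions (login, QR scanning, upload, screenshots, export, etc.) are delegated to agent-browser.
- All sensitive data (cookies, screenshots, exported files) is stored only in the local data/ directory.
- Provides a local CLI tool that supports QR code display, cookie normalization, and conversion to an HTTP header.
- Supports publishing image/text and video notes, with an integrated automatic asset-preparation flow that makes it easy for users to customize images or icons.
- Supports batch export of data from the Creator Center (CSV/XLSX/screenshots) with automatic archiving to local storage.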
Metadata
Slug xhs-skill
Version 1.0.15
License
All-time Installs 18
Active Installs 16
Total Versions 16
Frequently Asked Questions

What is Xhs Skill?

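A single-entry skill for Xiaohongshu (Creator Center) that logs in to obtain cookies, publishes notes, and exports data (browser interaction is delegated to agent-browser-stealth). It is an AI Agent Skill for Claude Code / OpenClaw, with 2718 downloads so far.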

How do I install Xhs Skill?

Run "/install xhs-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Xhs Skill free?

Yes, Xhs Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Xhs Skill support?

Xhs Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Xhs Skill?

It is built and maintained by 郭立lee (@leeguooooo); the current version is v1.0.15.
