← Back to Skills Marketplace
batxent

rednote-contacts

by tommy · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
90
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install rednote-contacts
Description
Run the installed red-crawler CLI for Xiaohongshu contact discovery. Requires the red-crawler command and Playwright browser runtime; not instruction-only.
Usage Guidance
This skill appears to be what it says: a thin wrapper that runs your local red-crawler CLI. Before installing or invoking it, consider the following: - Confirm you trust and have installed the red-crawler CLI and Playwright separately; this skill will call the CLI in your workspace. - The skill reads/writes a Playwright storage_state JSON (session cookies) and a local SQLite DB; those files contain sensitive authentication data and scraped personal contact information—store and share them carefully. - The skill accepts a configurable runner_command. Do not set runner_command to untrusted binaries or paths, because the skill will execute that command with arguments constructed from inputs. - Running the crawler will contact Xiaohongshu and collect contact leads; ensure you are legally and ethically allowed to scrape that data and that you comply with service terms and privacy regulations. - Prefer running this wrapper in an isolated environment (container or dedicated machine) and review CLI stdout/stderr and output artifacts (CSV/JSON) before exporting or sharing. If you want a deeper review, provide the full, untruncated src/index.py to confirm there are no hidden behaviors; currently the visible code is consistent with the documented wrapper behavior.
Capability Analysis
Type: OpenClaw Skill Name: rednote-contacts Version: 1.0.1 The skill serves as a wrapper for the 'red-crawler' CLI tool but contains a high-risk configuration vulnerability in 'src/index.py'. The 'runner_command' parameter, defined in 'manifest.yaml', can be overridden by user input or configuration to execute arbitrary system binaries instead of the intended crawler. While this flexibility is likely intended to support various environments like WSL2 (as noted in 'SKILL.md'), it creates a significant command injection surface that could be exploited via prompt injection to run unauthorized code on the host system.
Capability Assessment
Purpose & Capability
The name/description (operate the red-crawler CLI for Xiaohongshu contact discovery) matches the manifest, SKILL.md, and code: the skill builds and runs red-crawler commands, works against a workspace, and expects Playwright storage state and a local SQLite DB. The declared requirements in manifest (binaries: red-crawler, network access, sensitive Playwright state) are consistent with the described purpose.
Instruction Scope
The SKILL.md instructs the agent to run local red-crawler CLI commands (login, crawl-seed, collect-nightly, report-weekly, list-contactable) and to read/write files under the configured workspace (state.json, DB, outputs). This is coherent for a crawler wrapper, but it means the skill will access sensitive session state (Playwright storage JSON) and any files in the workspace; it may surface stdout/stderr from the CLI in outputs. The instructions do not direct data to external endpoints beyond running the CLI (which itself accesses Xiaohongshu); however, the resulting artifacts can contain scraped PII, so operational and legal/privacy concerns apply.
Install Mechanism
There is no automated install spec — the skill is a wrapper and relies on an existing red-crawler CLI and optionally an installed Playwright runtime. No downloads or archive extraction are performed by the skill itself. This is low-risk from an install-mechanism perspective.
Credentials
The skill does not request unrelated environment variables or external credentials, which is appropriate. It does require access to a Playwright storage state file (sensitive because it contains authenticated session cookies) and the workspace filesystem (database, output directories). Those are proportionate to the stated purpose but are sensitive: exposing storage_state or the DB could leak authentication or scraped contact information.
Persistence & Privilege
The skill is not forced-always, model invocation is allowed (platform default). It does not request system-wide persistent privileges or claim to modify other skills. It does allow configuration of runner_command (which lets operators point at a different binary), which is expected for a CLI wrapper but should be set to trusted binaries.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install rednote-contacts
  3. After installation, invoke the skill by name or use /rednote-contacts
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
## rednote-contacts 1.0.1 Changelog - Updated documentation to reflect new skill name (`rednote_contacts`) and clarify usage as a wrapper for the installed `red-crawler` CLI. - SKILL.md revised for accuracy: instructions for dependency installation and operational notes now reflect package-based workflow, not repository checkout. - Added Python bytecode cache files for index and test modules. - No changes to executable logic; update is documentation and metadata only.
v1.0.0
rednote-contacts 1.0.0 – Initial release - Provides a portable CLI wrapper to operate the red-crawler runtime from OpenClaw workflows. - Supports installation, bootstrapping, login/session management, seed crawling, nightly data collection, weekly reporting, and querying contactable creators. - Includes detailed command examples and parameter documentation for all supported red-crawler actions. - Documents environment setup instructions and common troubleshooting steps for Windows (WSL2), Linux, and macOS. - Maps common natural language prompts to CLI actions for easier automation and usage.
Metadata
Slug rednote-contacts
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is rednote-contacts?

Run the installed red-crawler CLI for Xiaohongshu contact discovery. Requires the red-crawler command and Playwright browser runtime; not instruction-only. It is an AI Agent Skill for Claude Code / OpenClaw, with 90 downloads so far.

How do I install rednote-contacts?

Run "/install rednote-contacts" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is rednote-contacts free?

Yes, rednote-contacts is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does rednote-contacts support?

rednote-contacts is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created rednote-contacts?

It is built and maintained by tommy (@batxent); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments