← Back to Skills Marketplace

小红书自动化

Name: 小红书自动化
Author: raininjunezz

by RainInJunezz · GitHub ↗ · v1.0.0 · MIT-0

darwinlinux ⚠ suspicious

291

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install xhs-bot-raininjunezz

Description

小红书自动化操作 - 发布笔记、管理账号、数据爬取、定时发布。使用浏览器自动化模拟真人操作。

Usage Guidance

Key things to consider before installing/running: - Do not run this against your main account until you confirm behavior with a disposable/test account: the bot stores session state locally and may contain auth cookies/tokens. - The metadata/install says 'puppeteer' but the code and package.json use 'playwright' — verify which package will actually be installed and that it matches the shipped code. Installing the wrong package could change runtime behavior. - The README/SKILL.md claim session encryption but the code writes JSON to the session path without encryption — assume the session file is plaintext unless you audit and modify the code to add real encryption. - Playwright/puppeteer will download browser binaries during install (large downloads). Prefer to run in a controlled environment (VM/container) and inspect network activity if you're concerned. - If you decide to proceed: review and test the code (scripts/xhs-bot.js), confirm where session files are written, consider encrypting or restricting permissions on the session file, run with a throwaway account first, and fix the install metadata mismatch so the declared install matches the actual dependency. If you want, I can point out the exact lines in scripts/xhs-bot.js that are misleading or help craft a minimal patch to actually encrypt session files or to align the install spec with the code.

Capability Analysis

Type: OpenClaw Skill Name: xhs-bot-raininjunezz Version: 1.0.0 The skill bundle provides legitimate browser automation for the Xiaohongshu platform using Playwright. The code in `scripts/xhs-bot.js` implements expected features such as note publishing, data scraping, and session management, with session data stored strictly in a local directory (~/.openclaw/xiaohongshu/). No evidence of data exfiltration, malicious remote execution, or harmful prompt injection was found; the implementation aligns perfectly with the stated purpose in SKILL.md and README.md.

Capability Assessment

ℹ Purpose & Capability

Name/description match the code: this is a browser-automation bot for Xiaohongshu that publishes, scrapes, and manages accounts. Required binary (node) and a browser-enabled config make sense for this purpose. However, the declared install in metadata uses 'puppeteer' while package.json and package-lock use 'playwright' — an inconsistency that could cause unexpected installs/behavior.

ℹ Instruction Scope

SKILL.md commands and the CLI in scripts/xhs-bot.js align (login, publish, scrape, comments, schedule). Instructions ask to store session state locally and configure headless/session path. SKILL.md and README claim '会话状态加密存储' (encrypted session storage), but the included code writes storageState JSON to ~/.openclaw/xiaohongshu/session.json (no encryption), which is a misleading claim and increases risk to account credentials.

⚠ Install Mechanism

Registry/install metadata lists installation of the 'puppeteer' package (creates 'puppeteer' binary), but package.json and package-lock.json declare and lock to 'playwright'. This mismatch is a material incoherence: installing the declared package may not match the code's expected runtime dependency. Both puppeteer/playwright installs download heavy browser binaries which is normal for this functionality but worth noting.

⚠ Credentials

The skill requests no cloud credentials and only uses local config + optional XHS_ env vars — reasonable for local browser automation. But it writes session/state files under the user's home directory which contain authentication cookies/tokens. The SKILL.md/README claim encryption but the code does not perform encryption; storing these files unencrypted may expose account credentials. Also the code reads process.env.HOME and environment flags (XHS_BROWSER_HEADLESS/XHS_SESSION_PATH) that are not listed in requires.env, though they are documented in examples.

✓ Persistence & Privilege

always is false and the skill does not request system-wide changes or other skills' credentials. It creates and writes its own session files under ~/.openclaw and manages local browser data — expected for this kind of skill.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install xhs-bot-raininjunezz
After installation, invoke the skill by name or use /xhs-bot-raininjunezz
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

初始版本 - 支持发布笔记、数据查看、评论管理、内容爬取

Metadata

Slug xhs-bot-raininjunezz

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is 小红书自动化?

小红书自动化操作 - 发布笔记、管理账号、数据爬取、定时发布。使用浏览器自动化模拟真人操作。 It is an AI Agent Skill for Claude Code / OpenClaw, with 291 downloads so far.

How do I install 小红书自动化?

Run "/install xhs-bot-raininjunezz" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 小红书自动化 free?

Yes, 小红书自动化 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 小红书自动化 support?

小红书自动化 is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).

Who created 小红书自动化?

It is built and maintained by RainInJunezz (@raininjunezz); the current version is v1.0.0.

More Skills