← Back to Skills Marketplace
71
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install xhs-cover-generator
Description
AI-powered cover design tool for Xiaohongshu creators that analyzes viral post data to generate high-conversion, platform-optimized cover designs.
Usage Guidance
What to consider before installing/running this skill:
- The included Python script contacts an unknown third‑party endpoint (onetotenvip.com) rather than an official Xiaohongshu API. Ask the author where that API comes from and whether it is trusted and permitted to serve this data.
- The script disables TLS certificate verification (verify_mode = CERT_NONE) and intentionally avoids sending SNI. Those are red flags: they enable connections to servers with invalid/forged certs and can be used to evade detection. Do not run the script in a production environment or on sensitive systems until this is justified or fixed.
- The instructions force the agent to fetch and embed the original coverUrl images unchanged and to analyze them with the agent's image tool. That causes many outbound requests to external hosts (potentially attacker-controlled) and can leak query terms or other metadata. If you must run it, do so from an isolated sandbox with monitored network egress.
- The SKILL.md lists requests>=2.28.0 but the script does not use requests; this mismatch suggests the package was edited or assembled carelessly — request clarification from the maintainer and prefer a request-based implementation with proper TLS verification.
- If you want similar functionality but safer behavior: require the API provider's provenance, use standard HTTPS clients that validate certs, or proxy all requests through a trusted service you control. Consider removing the requirement to embed unmodified remote images (download and cache after validating origin) and add logging of what is sent to external services.
- If you cannot verify the endpoint or author: do not enable autonomous invocation; test the skill only in a restricted VM with network monitoring and no access to sensitive credentials or internal networks.
Capability Analysis
Type: OpenClaw Skill
Name: xhs-cover-generator
Version: 1.0.0
The skill bundle contains a Python script (`fetch_explosive_covers.py`) that implements a custom HTTPS requester using raw sockets to intentionally bypass SNI (Server Name Indication) and explicitly disables SSL certificate verification (`ssl.CERT_NONE`). While these techniques are often used to evade network filters or anti-bot measures, they significantly weaken security and expose the agent to Man-in-the-Middle (MITM) attacks. The script communicates with a third-party API (onetotenvip.com) to fetch data. Although the functionality aligns with the stated goal of analyzing social media trends, the use of insecure networking practices and evasion tactics is highly irregular for a benign tool.
Capability Assessment
Purpose & Capability
The skill's stated purpose (generate Xiaohongshu cover designs from viral data) matches the included script and docs. However there are surprising elements: the Python script contacts a non-official domain (https://onetotenvip.com/skill/cozeSkill/getXhsCozeSkillData) rather than a known, documented API for Xiaohongshu, and the script implements a custom socket-based HTTPS client that purposely does not send SNI and disables TLS certificate verification. The SKILL.md declares a requests dependency but the provided script uses raw sockets/ssl instead of requests. These mismatches are unusual and not justified by the stated purpose.
Instruction Scope
Runtime instructions require running the included script and then: (a) directly using the original coverUrl fields (explicitly forbidding modification), (b) visiting and embedding the real cover images in reports, and (c) using the agent's image-reading tool to download/analyze each coverUrl. This forces the agent to make repeated outbound requests to remote hosts (which may be attacker-controlled), and to expose request metadata to the external API and image hosts. The docs also force strict terminology and insist on always including real images, which expands the scope of network I/O and increases data exposure.
Install Mechanism
No install spec is provided (instruction-only), which lowers installation risk. However the repo includes an executable script that will be run locally by the agent and which performs direct network connections using a custom TLS setup. There is no third-party package download, but executing the provided script still causes outbound network activity to the hardcoded endpoint.
Credentials
The skill does not request credentials, environment variables, or config paths (proportionate). Still, the code intentionally disables certificate checks and avoids SNI — techniques often used to evade network-level protections or to communicate with self-signed/hostile servers. The required behavior to fetch and embed cover images (unmodified) means the agent will contact external hosts and may leak usage patterns or data to those hosts; the skill does not document what data the API logs or retains.
Persistence & Privilege
The skill does not request persistent presence (always:false), does not modify other skills or system config, and has no install step that writes to system locations. There is no request for elevated privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xhs-cover-generator - After installation, invoke the skill by name or use
/xhs-cover-generator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of explosive-cover-generator skill.
- Provides AI-powered cover design specifically for Xiaohongshu content creators.
- Leverages daily analysis of 2000+ viral post covers to extract high-conversion visual patterns.
- Automates the creation of platform-optimized cover proposals based on current trends.
- Requires strict adherence to workflow and data format documentation in the skill directory.
Metadata
Frequently Asked Questions
What is xhs-cover-generator?
AI-powered cover design tool for Xiaohongshu creators that analyzes viral post data to generate high-conversion, platform-optimized cover designs. It is an AI Agent Skill for Claude Code / OpenClaw, with 71 downloads so far.
How do I install xhs-cover-generator?
Run "/install xhs-cover-generator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is xhs-cover-generator free?
Yes, xhs-cover-generator is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does xhs-cover-generator support?
xhs-cover-generator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created xhs-cover-generator?
It is built and maintained by if530770 (@if530770); the current version is v1.0.0.
More Skills