← Back to Skills Marketplace
Xhsfenxi Pro
by
Cosmos Fang
· GitHub ↗
· v2.0.0
· MIT-0
78
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install xhsfenxi-pro
Description
小红书全链路分析 skill。数据采集(SeleniumBase XHR拦截)+ 博主深度分析(三型分类 + 五层模型 + hsword内核三段论)+ 爆款选题公式(6模型 + 30选题方向)+ 结构化报告 + 黑体Word交付。 整合 xhscosmoskill(采集引擎)+ xhsfenxi(分析框架)+ h...
Usage Guidance
This package appears to be a developer-created Xiaohongshu scraper + analysis tool and largely does what it says, but review before using: 1) It requires SeleniumBase, a compatible browser (Chrome/Chromium) and drivers — those are not declared in the registry; install them in a controlled environment (e.g., a VM or container). 2) The tool needs a login cookie file (xhs_cookies.json) to access authenticated endpoints; cookies are effectively session credentials: treat them like secrets. 3) The README/SKILL.md reference a login script (xhs_login.py) that is not included — confirm how you will obtain safe cookies. 4) The code can post comments (post_comment) as the logged-in user — avoid using your primary account until you trust the code. 5) SKILL.md contains absolute developer paths (Desktop paths, LIB_ROOT) suggesting it's tailored to the author’s machine — change paths to safe locations. 6) The skill writes to files inside its package (data/*.json) and creates Word reports; consider running it in an isolated environment and inspect outputs. If you need to proceed, run in a sandbox, review xhs_login.py or create your own secure cookie generation workflow, and audit third‑party dependencies (seleniumbase and any underlying undetected/UC tooling) before granting credentials.
Capability Analysis
Type: OpenClaw Skill
Name: xhsfenxi-pro
Version: 2.0.0
The skill bundle provides extensive Xiaohongshu (XHS) scraping and analysis capabilities using SeleniumBase and XHR interception. It contains high-risk features including an automated commenting function (`post_comment` in `client.py`) which the `SKILL.md` documentation explicitly claims is 'out of scope,' suggesting a discrepancy between stated and actual capabilities. Additionally, the code contains numerous hardcoded absolute file paths to sensitive session cookies (e.g., in `utils.py` and `SKILL.md`), which is a significant security vulnerability. While no clear evidence of data exfiltration or intentional malice was found, the combination of automated interaction capabilities and poor credential management warrants a suspicious classification.
Capability Tags
Capability Assessment
Purpose & Capability
The name/description (Xiaohongshu full‑pipeline analysis) matches the code: browser-based XHR interception, data parsing, analysis, formula/report generation and Word export. The package includes scraping client, analyzer, formula engine and report builders which are appropriate for the stated goal. Minor surprises: it includes a post_comment method (ability to act as the logged-in user) and persistent local DB writes (data/bloggers.json, data/archetypes.json). Those capabilities can be legitimate for this tool but are privileged and should be explicit in the description.
Instruction Scope
SKILL.md and README instruct the agent to read and use local cookie files (absolute paths to a developer's Desktop), rely on an external xhs_login.py to generate cookies (but xhs_login.py is not present in the provided file list), and add a developer LIB_ROOT to sys.path in examples. The runtime instructions reference writing to local DB files and generating Word docs. There are hard-coded/example local paths and assumptions about where cookie files live — this couples runtime to the originating developer environment and implies the skill will access files on the host filesystem (cookies, reports). The instructions do not clearly enumerate needed Python packages or browser drivers yet direct the agent to run browser-based scraping.
Install Mechanism
No formal install spec is present. The README suggests 'pip install seleniumbase' and the code relies on SeleniumBase UC mode and CDP (Chrome/Chromium + drivers). Those runtime dependencies (seleniumbase, a compatible browser, undetected/UC mode components) are not declared in metadata. Lack of an install spec or declared dependencies increases friction and risk: the agent/user may install/execute this without satisfying the browser/tooling requirements, or may need to add third‑party helper packages that aren't tracked here.
Credentials
The skill does not request API keys/secret env vars, which is appropriate. However, it requires a user login cookie file (xhs_cookies.json) to function; this credential requirement is not documented in the registry metadata. The code will read and inject cookies (and can post comments using them), and it persists analysis results to local files. Asking for cookie files (which are equivalent to session credentials) is proportional to a scraper, but this credential handling is not made explicit in the declared requirements and could be overlooked by users.
Persistence & Privilege
The skill does not set always:true and does not request system-level privileges. It does persist data and modify files under its own package (data/archetypes.json, data/bloggers.json) — this is consistent with a local 'database' but means the skill will write to the installed package directory. It does not appear to modify other skills or global agent settings. The ability to post comments means, if given valid cookies, it can act on behalf of the user — a nontrivial privilege.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xhsfenxi-pro - After installation, invoke the skill by name or use
/xhsfenxi-pro - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
**Major update: xhsfenxi-pro 2.0.0 delivers a fully integrated full-stack Xiaohongshu blogger analysis suite.**
- Combines data collection (SeleniumBase XHR interception), deep blogger analysis (three-archetype system, five-layer persona model, hsword framework), viral topic formula generation (6 models, 30+ directions), and report generation in Markdown & Word formats.
- Integrates three systems: xhscosmoskill (data collection engine), xhsfenxi (analysis framework), and hsword (case studies and persona theory).
- Provides new, ready-to-use APIs for writing, analyzing, comparing, and exporting reports, plus an evolving archetype/blogger database.
- Standardizes evidence grading, document templates, and cookie management with health checking.
- Expanded documentation includes full toolchains, practical example code, archetype taxonomy, and reporting instructions.
- Clear in/out of scope guidance and security notes—no private data required, strictly browser data collection.
Metadata
Frequently Asked Questions
What is Xhsfenxi Pro?
小红书全链路分析 skill。数据采集(SeleniumBase XHR拦截)+ 博主深度分析(三型分类 + 五层模型 + hsword内核三段论)+ 爆款选题公式(6模型 + 30选题方向)+ 结构化报告 + 黑体Word交付。 整合 xhscosmoskill(采集引擎)+ xhsfenxi(分析框架)+ h... It is an AI Agent Skill for Claude Code / OpenClaw, with 78 downloads so far.
How do I install Xhsfenxi Pro?
Run "/install xhsfenxi-pro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Xhsfenxi Pro free?
Yes, Xhsfenxi Pro is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Xhsfenxi Pro support?
Xhsfenxi Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Xhsfenxi Pro?
It is built and maintained by Cosmos Fang (@cosmofang); the current version is v2.0.0.
More Skills