小红书自动化

小红书自动化 — 用 exec 工具运行脚本来登录、发布、爬热点、AI 生成图文。所有操作必须通过 exec 工具执行 uv run 命令，不要用 browser 工具。

This skill appears to be a coherent Xiaohongshu automation toolkit, but it performs sensitive, persistent actions: it will copy code into ~/.openclaw, install Python dependencies, modify your openclaw.json, create a Chrome profile and store site cookies (which allow posting as your account), and can run an automated 'auto' publish pipeline. Additional cautions: - Review code before running the installer: inspect scripts under xhs-toolkit/src, especially server/auth modules (smart_auth_server.py, mcp_server.py, cookie_manager.py) for any unexpected network endpoints or server behavior. - Do not paste real credentials (IMAGE_API_KEY, OPENCLAW_GATEWAY_TOKEN) until you trust the repository; consider using limited-scope API keys or test accounts. - Back up ~/.openclaw/openclaw.json before installer modifies it and inspect what values the installer writes. - The SKILL.md contains an instruction forbidding use of the browser tool and the file has unicode-control-chars — this is a prompt-injection pattern. Prefer to run the toolkit in an isolated environment (VM or container) first and step through installer actions manually. - Because the skill can auto-publish, avoid enabling or triggering the 'auto' mode until you have tested the pipeline in preview/dry-run mode and validated that saved cookies and publishing behavior are correct. If you want to proceed safely: clone the repo locally, inspect the files indicated above, run installer steps manually (copy files, run uv sync) while watching what gets written to disk, and consider limiting network access for the skill during initial tests.

Type: OpenClaw Skill Name: openclaw-xhs Version: 1.0.1 The skill is classified as suspicious due to its extensive use of web automation (Selenium) with full browser control, including persistent profiles, and the capability to download files from arbitrary URLs. While these features are aligned with the stated purpose of Xiaohongshu automation (login, content generation, publishing, data scraping), they introduce inherent risks. Specifically, `scripts/xhs_trending.py` and `scripts/xhs_auth.py` (and the underlying `xhs-toolkit/src/core/browser.py`) launch Chrome, potentially in a non-headless mode for login, and interact with web pages. The `scripts/xhs_generate_content.py` leverages `src/utils/image_processor.py` to download images from user-provided or AI-generated URLs, which could be abused for large file downloads or to introduce malicious content if the image processing library had vulnerabilities. The installer also modifies `~/.openclaw/openclaw.json`, a sensitive configuration file, which, while intended, is a high-privilege action. No direct evidence of intentional malice (e.g., exfiltration of unrelated sensitive data, backdoor installation) was found, and the `SKILL.md` instructions do not contain prompt injection attempts.