← 返回 Skills 市场
lucasygu

redbook

作者 lucasygu · GitHub ↗ · v0.7.2 · MIT-0
macos ⚠ suspicious
1457
总下载
2
收藏
8
当前安装
9
版本数
在 OpenClaw 中安装
/install redbook
功能描述
Search, read, analyze, and automate Xiaohongshu (小红书) content via CLI
安全使用建议
What to consider before installing/running this skill: - This package authenticates by reading your browser cookies (Chrome). That requires access to Chrome profile files and on macOS may trigger Keychain prompts; if you are logged into a Xiaohongshu account you supply those session credentials to the tool. Only install this if you trust the source and understand cookie-based auth risks. - The npm postinstall script will: (a) create a symlink at ~/.claude/skills/redbook so Claude Code gains an automatic /redbook command, and (b) patch files inside node_modules/@steipete/sweet-cookie to change timeouts/SQL behavior. These are intrusive, persistent changes done without a separate opt-in step. If you prefer not to have automatic registration or dependency patching, avoid running install scripts (e.g., use npm with scripts disabled) or review/modify scripts before running. - The code is coherent with its stated purpose (search/read/analyze/post). Still, review src/lib/client.ts and src/lib/cookies.ts yourself to confirm which remote endpoints are contacted and to validate error handling. Look for any unexpected outbound endpoints beyond the described XHS APIs. - The pre-scan flagged a base64-block inside SKILL.md. Inspect that encoded content to ensure it is benign (e.g., an embedded image or sample) and not malicious prompt injection or hidden instructions. - Safer ways to evaluate: run the CLI in an isolated environment or VM; test with a throwaway XHS account; or install without running postinstall (npm install --ignore-scripts) then manually inspect/enable the behaviors you want. If you rely on Claude Code integration, review ~/.claude/skills after installation and the package's postinstall script to confirm the symlink target. - If you are not comfortable with local modifications (symlink or dependency patches) or giving a CLI direct access to browser session cookies, do not install or only use a vetted, reviewed binary/source.
功能分析
Type: OpenClaw Skill Name: redbook Version: 0.7.2 The redbook skill bundle is a legitimate CLI tool for Xiaohongshu (XHS) automation and analysis. It extracts browser cookies locally (via sweet-cookie and a CDP fallback in src/lib/cdp-cookies.ts) to authenticate with XHS APIs, which is consistent with its stated purpose. The post-install script (scripts/postinstall.js) performs targeted patches on its dependencies to fix specific bugs related to macOS keychain timeouts and BigInt handling, which is a functional requirement rather than a malicious act. The SKILL.md provides detailed operational instructions for AI agents, including safety guidelines such as rate limits, jitter, and dry-run requirements to prevent account bans. No evidence of data exfiltration, unauthorized remote control, or malicious prompt injection was found.
能力标签
crypto
能力评估
Purpose & Capability
The name/description (Xiaohongshu CLI that uses browser cookies) matches the code and SKILL.md: the package provides a 'redbook' binary, cookie-extraction logic, request signing, and API calls to XHS endpoints. Minor mismatch: README claims multi-OS support, but the SKILL.md/metadata restricts the skill to macOS — this is a small metadata inconsistency but not a functional break.
Instruction Scope
SKILL.md instructs agents to install the npm package and run the redbook CLI (search/read/analyze/post). It explicitly relies on reading local browser cookies (Chrome profile paths, keychain access) which is necessary for cookie-based auth. The SKILL.md includes a pre-scan 'base64-block' injection signal (see scan_findings). Allowed-tools include Read/Write/Bash which lets the agent run CLI commands and read local files — appropriate for the stated workflow but grants access to browser cookie storage and local state files.
Install Mechanism
Install uses an npm package (@lucasygu/redbook) (expected). However the package's postinstall script performs two notable actions: (1) creates a symlink at ~/.claude/skills/redbook to auto-register the skill with Claude Code, and (2) patches files inside node_modules/@steipete/sweet-cookie to change keychain timeout and SQL handling. Both are written to disk during install and modify user/home paths and dependency internals — behavior that is explainable for integration/compatibility but is intrusive and increases risk compared to a pure instruction-only skill or a package that does not alter other on-disk tooling.
Credentials
The skill does not request cloud API keys or unrelated credentials in requires.env. It uses browser cookies (a1, web_session) to authenticate, which is proportional to its functionality. The package discusses optional Gemini integration (GEMINI_API_KEY) but does not require it by default.
Persistence & Privilege
always:false (normal). The postinstall symlink registers the skill with Claude Code by writing to ~/.claude/skills, giving the skill an automatic invocation path in that tool — this is a persistent side-effect of installation (but not an 'always:true' global activation). The package also modifies dependency files inside node_modules on install (persistent until package removed), which is an additional persistence risk to be aware of.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install redbook
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /redbook 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.7.2
redbook v0.7.2 - Updated dependencies in package.json for improved stability or compatibility. - No user-facing features or documentation changes.
v0.7.1
- Bump skill version from 0.5.0 to 0.7.1 in package.json. - No functional or documentation changes to the skill itself.
v0.7.0
redbook 0.7.0 - Added documentation on content language strategy (`docs/content-language-strategy.md`) - Introduced new URL utility module (`src/lib/url.ts`) - Updated CLI logic and project metadata to support new features and library structure - Improved internal code organization for better maintainability
v0.6.0
Redbook 0.6.0 introduces new API coverage and CLI commands for advanced account and note operations. - Added health check module (`health.ts`) and new `redbook health` CLI command for note status and risk analysis. - Expanded account ops: like, unlike, delete note, list followers/following, boards, and albums via CLI. - CLI reference updated with new commands, including `like`, `unlike`, `delete`, `followers`, `following`, `boards`, `board`, and publishing image notes. - Infrastructure changes in codebase to support new endpoints and improve modularity.
v0.5.1
redbook 0.5.1 - Updated dependencies in package.json and package-lock.json - Modified src/lib/cdp-cookies.ts (details not specified) - No user-facing command or API changes documented
v0.5.0
Redbook v0.5.0 - Added support for managing Xiaohongshu favorites: new `favorites`, `collect`, and `uncollect` CLI commands. - Extended CLI quick reference with new commands for listing and modifying collections. - Documentation updated to reflect expanded content automation and engagement features. - Various improvements across the codebase.
v0.4.0
- Added Chrome DevTools Protocol (CDP) cookie extraction (new src/lib/cdp-cookies.ts). - Refactored internal cookie handling to support additional extraction methods. - Improved CLI and core library structure for greater maintainability. - Updated documentation to reflect new cookie options. - Bumped version to 0.4.0.
v0.3.3
- Adds new `render` command to convert markdown to Xiaohongshu-styled cards. - Major version bump: v0.2.0 → v0.3.3. - Documentation expanded with usage and command references for new features. - Internal codebase updated: new files for rendering support, improvements across CLI and reply strategy.
v0.2.0
Initial ClawHub release — XHS CLI with 14 commands, 11 analysis modules (A-K), comment ops, viral templates
元数据
Slug redbook
版本 0.7.2
许可证 MIT-0
累计安装 9
当前安装数 8
历史版本数 9
常见问题

redbook 是什么?

Search, read, analyze, and automate Xiaohongshu (小红书) content via CLI. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1457 次。

如何安装 redbook?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install redbook」即可一键安装,无需额外配置。

redbook 是免费的吗?

是的,redbook 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

redbook 支持哪些平台?

redbook 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(macos)。

谁开发了 redbook?

由 lucasygu(@lucasygu)开发并维护,当前版本 v0.7.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论