← 返回 Skills 市场
283
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install redbookskills
功能描述
将图文/视频内容自动发布到小红书(XHS)。 支持三类任务:发布图文、发布视频、仅启动测试浏览器(不发布)。
安全使用建议
This skill appears to implement what it claims, but it is powerful and interacts with sensitive local resources. Before installing or running it:
- Only use with test accounts or Chrome profiles you are willing to grant automated access to (it uses user-data-dirs and can read/use cookies/sessions).
- Review and back up any Chrome profile directories you care about; the account manager can delete profile dirs with a flag.
- Be cautious when passing a remote --host/--port: connecting to a remote CDP exposes whatever Chrome that host controls and could be used to operate on pages or exfiltrate data. Avoid supplying remote hosts unless you fully trust them.
- The skill will download media from arbitrary URLs into temp directories; verify URLs before use and clean up temp files if needed.
- There is at least one small code-quality issue (missing timedelta import) that could cause runtime errors; consider running the scripts manually in a controlled environment first.
- If you plan to let an autonomous agent invoke this skill, limit the agent's privileges and ensure prompts/inputs are validated (e.g., avoid giving it paths to sensitive local files or administrative profile names).
功能分析
Type: OpenClaw Skill
Name: redbookskills
Version: 1.0.0
The skill bundle provides a comprehensive Xiaohongshu (XHS) automation toolkit using the Chrome DevTools Protocol (CDP). While the logic is aligned with the stated purpose of content publishing, it employs several high-risk capabilities, including programmatic browser control, network traffic interception to capture API responses (found in `cdp_publish.py`), and remote media downloading (`image_downloader.py`). The scripts also manage sensitive browser profile data in the user's local application directory (`account_manager.py`). Although the instructions in `SKILL.md` include safety constraints such as requiring user confirmation before publishing, the inherent risks associated with automated browser manipulation and the potential for credential handling via CDP warrant a cautious classification.
能力评估
Purpose & Capability
Name/description (post to Xiaohongshu) align with included code: Chrome launcher, CDP publisher, feed extractor, image/video downloader, and account manager are all expected for an automated posting skill.
Instruction Scope
SKILL.md explicitly instructs launching/managing Chrome, checking login, extracting page state (xsecToken), downloading remote media, writing title/content files, and executing publish commands. These steps match the code, but they give the skill broad access to local Chrome profiles (cookies/session), arbitrary downloads, and the ability to connect to a remote CDP host (which gives control over whichever Chrome instance is exposed). Also note a minor code bug: validate_schedule_post_time references timedelta but timedelta is not imported (runtime error potential).
Install Mechanism
No install spec; repository contains Python scripts and requirements.txt (requests, websockets). Nothing is downloaded from external arbitrary URLs at install time. Risk surface is runtime, not install-time.
Credentials
The skill declares no required environment variables, which is consistent. However it does read LOCALAPPDATA / user home to build Chrome profile paths and writes config/accounts.json and temporary files. It will create and (optionally) delete Chrome profile directories. Those file-system and profile accesses are necessary for the stated capability but are sensitive — they effectively give the skill access to any cookies/sessions stored in those profiles.
Persistence & Privilege
always:false (normal). The skill will create local config files (config/accounts.json) and temporary download directories and may create Chrome user-data-dirs for accounts. It also can delete profile dirs when remove-account --delete-profile is used. These are normal for a multi-account automation tool but represent persistent local state and potential for destructive action if invoked with that flag.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install redbookskills - 安装完成后,直接呼叫该 Skill 的名称或使用
/redbookskills触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
redbookskills 是什么?
将图文/视频内容自动发布到小红书(XHS)。 支持三类任务:发布图文、发布视频、仅启动测试浏览器(不发布)。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 283 次。
如何安装 redbookskills?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install redbookskills」即可一键安装,无需额外配置。
redbookskills 是免费的吗?
是的,redbookskills 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
redbookskills 支持哪些平台?
redbookskills 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 redbookskills?
由 Viv888-AI(@viv888-ai)开发并维护,当前版本 v1.0.0。
推荐 Skills