batxent

rednote-contacts

Author: tommy · GitHub · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 90
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install rednote-contacts
Description
Run the installed red-crawler CLI for Xiaohongshu contact discovery. Requires the red-crawler command and Playwright browser runtime; not instruction-only.
Security usage recommendations
This skill appears to be what it says: a thin wrapper that runs your local red-crawler CLI. Before installing or invoking it, consider the following:
- Confirm you trust and have installed the red-crawler CLI and Playwright separately; this skill will call the CLI in your workspace.
- The skill reads/writes a Playwright storage_state JSON (session cookies) and a local SQLite DB; those files contain sensitive authentication data and scraped personal contact information—store and share them carefully.
- The skill accepts a configurable runner_command. Do not set runner_command to untrusted binaries or paths, because the skill will execute that command with arguments constructed from inputs.
- Running the crawler will contact Xiaohongshu and collect contact leads; ensure you are legally and ethically allowed to scrape that data and that you comply with service terms and privacy regulations.
- Prefer running this wrapper in an isolated environment (container or dedicated machine) and review CLI stdout/stderr and output artifacts (CSV/JSON) before exporting or sharing.
If you want a deeper review, provide the full, untruncated src/index.py to confirm there are no hidden behaviors; currently the visible code is consistent with the documented wrapper behavior.
Functional analysis
Type: OpenClaw Skill
Name: rednote-contacts
Version: 1.0.1
The skill serves as a wrapper for the 'red-crawler' CLI tool but contains a high-risk configuration vulnerability in 'src/index.py'. The 'runner_command' parameter, defined in 'manifest.yaml', can be overridden by user input or configuration to execute arbitrary system binaries instead of the intended crawler. While this flexibility is likely intended to support various environments like WSL2 (as noted in 'SKILL.md'), it creates a significant command injection surface that could be exploited via prompt injection to run unauthorized code on the host system.
Capability assessment
Purpose & Capability
The name/description (operate the red-crawler CLI for Xiaohongshu contact discovery) matches the manifest, SKILL.md, and code: the skill builds and runs red-crawler commands, works against a workspace, and expects Playwright storage state and a local SQLite DB. The declared requirements in manifest (binaries: red-crawler, network access, sensitive Playwright state) are consistent with the described purpose.
Instruction Scope
The SKILL.md instructs the agent to run local red-crawler CLI commands (login, crawl-seed, collect-nightly, report-weekly, list-contactable) and to read/write files under the configured workspace (state.json, DB, outputs). This is coherent for a crawler wrapper, but it means the skill will access sensitive session state (Playwright storage JSON) and any files in the workspace; it may surface stdout/stderr from the CLI in outputs. The instructions do not direct data to external endpoints beyond running the CLI (which itself accesses Xiaohongshu); however, the resulting artifacts can contain scraped PII, so operational and legal/privacy concerns apply.
Install Mechanism
There is no automated install spec — the skill is a wrapper and relies on an existing red-crawler CLI and optionally an installed Playwright runtime. No downloads or archive extraction are performed by the skill itself. This is low-risk from an install-mechanism perspective.
Credentials
The skill does not request unrelated environment variables or external credentials, which is appropriate. It does require access to a Playwright storage state file (sensitive because it contains authenticated session cookies) and the workspace filesystem (database, output directories). Those are proportionate to the stated purpose but are sensitive: exposing storage_state or the DB could leak authentication or scraped contact information.
Persistence & Privilege
The skill is not forced-always, model invocation is allowed (platform default). It does not request system-wide persistent privileges or claim to modify other skills. It does allow configuration of runner_command (which lets operators point at a different binary), which is expected for a CLI wrapper but should be set to trusted binaries.
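How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the dialog box: /install rednote-contacts
  3. Once installation completes, call the Skill by name or trigger it with /rednote-contacts
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history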
v1.0.1
## rednote-contacts 1.0.1 Changelog
- Updated documentation to reflect new skill name (`rednote_contacts`) and clarify usage as a wrapper for the installed `red-crawler` CLI.
- SKILL.md revised for accuracy: instructions for dependency installation and operational notes now reflect package-based workflow, not repository checkout.
- Added Python bytecode cache files for index and test modules.
- No changes to executable logic; update is documentation and metadata only.
v1.0.0
rednote-contacts 1.0.0 – Initial release
- Provides a portable CLI wrapper to operate the red-crawler runtime from OpenClaw workflows.
- Supports installation, bootstrapping, login/session management, seed crawling, nightly data collection, weekly reporting, and querying contactable creators.
- Includes detailed command examples and parameter documentation for all supported red-crawler actions.
- Documents environment setup instructions and common troubleshooting steps for Windows (WSL2), Linux, and macOS.
- Maps common natural language prompts to CLI actions for easier automation and usage.
Metadata
Slug: rednote-contacts
Version: 1.0.1
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 2
FAQ

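What is rednote-contacts?

Run the installed red-crawler CLI for Xiaohongshu contact discovery. Requires the red-crawler command and Playwright browser runtime; not instruction-only. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 90 total downloads so far.

How do I install rednote-contacts?

Run the command "/install rednote-contacts" in the OpenClaw or Claude Code dialog box to install it in one step; no additional configuration is needed.

Is rednote-contacts free?

Yes, rednote-contacts is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does rednote-contacts support?

rednote-contacts is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed rednote-contacts?

Developed and maintained by tommy (@batxent); the current version is v1.0.1.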
