Xhs Publish

小红书一键发布 — AI 全流程搞定：自动生成标题 → 撰写正文 → 封面/知识卡片/视频（三种形式） → 一键发布。3 分钟从创意到上线，支持多模型自由切换。触发词：发小红书、发布笔记、小红书发布、发笔记、小红书笔记、写小红书、写笔记。

What to check before installing: - Source trust: the package has no homepage and an unknown owner; prefer skills from known repositories. If you don't trust the author, don't install. - Credentials: the metadata says 'no env vars' but scripts require many API keys and secret keys (Gemini/OpenAI/Tencent/MD2Card/XHS AI). Only set credentials you control and understand; never paste high‑privilege keys without auditing code. - Audit the code: review scripts (cover.sh, generate.sh, check_env.sh) for any unexpected network endpoints or file reads. Pay attention to places where user input could be used to read arbitrary local files (the __USER_IMAGE__ path mode uses a provided path). - Sandbox/least privilege: run the skill in an isolated VM/container and avoid running as root. If you must run on a host, restrict network access and API keys to minimal scopes. - MCP binary: README suggests downloading a third‑party MCP binary from GitHub; verify the release URL, checksum, and author before running executables. - System actions: scripts attempt to start system services (Xvfb, xhs-mcp) and write to ~/xiaohongshu-mcp and /root/.openclaw/media — decide whether you want a skill that manipulates services and these paths. - If unsure: treat as suspicious. Request the author's identity, full provenance (homepage, source repo), or run a manual code review and test in a safe environment before trusting with real API keys or persistent deployment.

Type: OpenClaw Skill Name: xhs-publish Version: 1.4.5 The skill bundle provides extensive automation for Xiaohongshu posting but contains several high-risk security indicators. Most critically, SKILL.md contains a hardcoded, functional 'DOUBAO_API_KEY' (919ec537-6d4d-43c4-a5ce-a90a17673bbb), which is a major credential leak. The instructions in SKILL.md also include 'Content Taboos' that explicitly direct the AI agent to use prompt injection techniques to hide its automated nature and the tool's identity to evade platform detection. Additionally, the installation scripts (check_env.sh) and documentation encourage downloading and executing external binaries from GitHub (xpzouying/xiaohongshu-mcp) and managing sensitive session cookies locally. While these features support the stated purpose, the combination of hardcoded secrets, platform-evasion instructions, and external binary execution makes the bundle highly risky.