← 返回 Skills 市场
Xhsfenxi Pro
作者
Cosmos Fang
· GitHub ↗
· v2.0.0
· MIT-0
78
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install xhsfenxi-pro
功能描述
小红书全链路分析 skill。数据采集(SeleniumBase XHR拦截)+ 博主深度分析(三型分类 + 五层模型 + hsword内核三段论)+ 爆款选题公式(6模型 + 30选题方向)+ 结构化报告 + 黑体Word交付。 整合 xhscosmoskill(采集引擎)+ xhsfenxi(分析框架)+ h...
安全使用建议
This package appears to be a developer-created Xiaohongshu scraper + analysis tool and largely does what it says, but review before using: 1) It requires SeleniumBase, a compatible browser (Chrome/Chromium) and drivers — those are not declared in the registry; install them in a controlled environment (e.g., a VM or container). 2) The tool needs a login cookie file (xhs_cookies.json) to access authenticated endpoints; cookies are effectively session credentials: treat them like secrets. 3) The README/SKILL.md reference a login script (xhs_login.py) that is not included — confirm how you will obtain safe cookies. 4) The code can post comments (post_comment) as the logged-in user — avoid using your primary account until you trust the code. 5) SKILL.md contains absolute developer paths (Desktop paths, LIB_ROOT) suggesting it's tailored to the author’s machine — change paths to safe locations. 6) The skill writes to files inside its package (data/*.json) and creates Word reports; consider running it in an isolated environment and inspect outputs. If you need to proceed, run in a sandbox, review xhs_login.py or create your own secure cookie generation workflow, and audit third‑party dependencies (seleniumbase and any underlying undetected/UC tooling) before granting credentials.
功能分析
Type: OpenClaw Skill
Name: xhsfenxi-pro
Version: 2.0.0
The skill bundle provides extensive Xiaohongshu (XHS) scraping and analysis capabilities using SeleniumBase and XHR interception. It contains high-risk features including an automated commenting function (`post_comment` in `client.py`) which the `SKILL.md` documentation explicitly claims is 'out of scope,' suggesting a discrepancy between stated and actual capabilities. Additionally, the code contains numerous hardcoded absolute file paths to sensitive session cookies (e.g., in `utils.py` and `SKILL.md`), which is a significant security vulnerability. While no clear evidence of data exfiltration or intentional malice was found, the combination of automated interaction capabilities and poor credential management warrants a suspicious classification.
能力标签
能力评估
Purpose & Capability
The name/description (Xiaohongshu full‑pipeline analysis) matches the code: browser-based XHR interception, data parsing, analysis, formula/report generation and Word export. The package includes scraping client, analyzer, formula engine and report builders which are appropriate for the stated goal. Minor surprises: it includes a post_comment method (ability to act as the logged-in user) and persistent local DB writes (data/bloggers.json, data/archetypes.json). Those capabilities can be legitimate for this tool but are privileged and should be explicit in the description.
Instruction Scope
SKILL.md and README instruct the agent to read and use local cookie files (absolute paths to a developer's Desktop), rely on an external xhs_login.py to generate cookies (but xhs_login.py is not present in the provided file list), and add a developer LIB_ROOT to sys.path in examples. The runtime instructions reference writing to local DB files and generating Word docs. There are hard-coded/example local paths and assumptions about where cookie files live — this couples runtime to the originating developer environment and implies the skill will access files on the host filesystem (cookies, reports). The instructions do not clearly enumerate needed Python packages or browser drivers yet direct the agent to run browser-based scraping.
Install Mechanism
No formal install spec is present. The README suggests 'pip install seleniumbase' and the code relies on SeleniumBase UC mode and CDP (Chrome/Chromium + drivers). Those runtime dependencies (seleniumbase, a compatible browser, undetected/UC mode components) are not declared in metadata. Lack of an install spec or declared dependencies increases friction and risk: the agent/user may install/execute this without satisfying the browser/tooling requirements, or may need to add third‑party helper packages that aren't tracked here.
Credentials
The skill does not request API keys/secret env vars, which is appropriate. However, it requires a user login cookie file (xhs_cookies.json) to function; this credential requirement is not documented in the registry metadata. The code will read and inject cookies (and can post comments using them), and it persists analysis results to local files. Asking for cookie files (which are equivalent to session credentials) is proportional to a scraper, but this credential handling is not made explicit in the declared requirements and could be overlooked by users.
Persistence & Privilege
The skill does not set always:true and does not request system-level privileges. It does persist data and modify files under its own package (data/archetypes.json, data/bloggers.json) — this is consistent with a local 'database' but means the skill will write to the installed package directory. It does not appear to modify other skills or global agent settings. The ability to post comments means, if given valid cookies, it can act on behalf of the user — a nontrivial privilege.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xhsfenxi-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/xhsfenxi-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
**Major update: xhsfenxi-pro 2.0.0 delivers a fully integrated full-stack Xiaohongshu blogger analysis suite.**
- Combines data collection (SeleniumBase XHR interception), deep blogger analysis (three-archetype system, five-layer persona model, hsword framework), viral topic formula generation (6 models, 30+ directions), and report generation in Markdown & Word formats.
- Integrates three systems: xhscosmoskill (data collection engine), xhsfenxi (analysis framework), and hsword (case studies and persona theory).
- Provides new, ready-to-use APIs for writing, analyzing, comparing, and exporting reports, plus an evolving archetype/blogger database.
- Standardizes evidence grading, document templates, and cookie management with health checking.
- Expanded documentation includes full toolchains, practical example code, archetype taxonomy, and reporting instructions.
- Clear in/out of scope guidance and security notes—no private data required, strictly browser data collection.
元数据
常见问题
Xhsfenxi Pro 是什么?
小红书全链路分析 skill。数据采集(SeleniumBase XHR拦截)+ 博主深度分析(三型分类 + 五层模型 + hsword内核三段论)+ 爆款选题公式(6模型 + 30选题方向)+ 结构化报告 + 黑体Word交付。 整合 xhscosmoskill(采集引擎)+ xhsfenxi(分析框架)+ h... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 78 次。
如何安装 Xhsfenxi Pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xhsfenxi-pro」即可一键安装,无需额外配置。
Xhsfenxi Pro 是免费的吗?
是的,Xhsfenxi Pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Xhsfenxi Pro 支持哪些平台?
Xhsfenxi Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Xhsfenxi Pro?
由 Cosmos Fang(@cosmofang)开发并维护,当前版本 v2.0.0。
推荐 Skills