xiaohongshuskills

将图文/视频内容自动发布到小红书（XHS）。 支持三类任务：发布图文、发布视频、仅启动测试浏览器（不发布）。

Plain-language checklist before installing or running this skill: - Review and run the code in an isolated environment first (VM or throwaway account) — these scripts will execute on your machine. - Chrome is required but not declared: ensure you install Chrome and run the tool with a dedicated Chrome profile (do NOT point it at your primary browser profile). The tool creates/manages user-data-dirs and can delete them when asked (remove-account --delete-profile). - The skill reads/writes local files (config/, tmp/) and stores login/cache info; expect persistent session data on disk. - The tool can download arbitrary media URLs and will save them in a temp directory — only provide trusted URLs. - Be careful with remote CDP (--host not localhost): connecting to an untrusted remote Chrome instance or allowing remote CDP access may expose sensitive data (cookies, pages). Avoid remote mode unless you control the remote machine. - The SKILL.md says human confirmation is required before publishing, but the code supports --auto-publish which bypasses confirmation. If you allow autonomous agent invocation, ensure the agent is not permitted to call publish commands with --auto-publish. - If you need to use this: create a dedicated OS user or Chrome profile for testing, back up any important Chrome profiles, and run the scripts manually once to observe behavior before granting agent-level invocation. - If you are not comfortable auditing Python code, do not install it with elevated trust; prefer manual use only (run CLI yourself) rather than giving the skill autonomous privileges.

Type: OpenClaw Skill Name: xiaohongshuskills Version: 0.1.0 The skill bundle is classified as suspicious due to its extensive use of Chrome DevTools Protocol (CDP) for browser automation, including the powerful `Runtime.evaluate` command for arbitrary JavaScript execution and `DOM.setFileInputFiles` for local file uploads. While user input for these commands is consistently JSON-escaped (`json.dumps`) to mitigate direct prompt/JS injection, the inherent power and complexity of CDP interactions present a significant attack surface. Additionally, `account_manager.py` uses `shutil.rmtree` to delete Chrome profile directories, a powerful capability that, if exploited through path manipulation (though currently mitigated by safe path construction), could lead to data loss. There is no evidence of intentional malicious behavior such as data exfiltration or unauthorized remote control, and the `SKILL.md` explicitly mandates user confirmation before publishing, which is a strong mitigating control against prompt injection leading to unauthorized actions.