by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill is coherent for creating Xiaohongshu posts: it generates cover images locally (Pillow) and automates a browser that must be logged into the user's creator account. Before installing, ensure the OpenClaw node/browser profiles you give it access to are trusted (the agent will act using that logged-in session). Confirm your messaging channel and cron settings so drafts are reviewed before publishing—the skill emphasizes manual approval, but scheduled runs could still draft and announce c...详细分析 ▾
✓ 用途与能力
Name/description match the actual behavior: drafting content, generating a cover image (Pillow script included), and automating a browser publish via the OpenClaw browser tool. No unrelated credentials, binaries, or hidden network endpoints are requested.
ℹ 指令范围
SKILL.md stays within publishing scope (draft → cover → review → publish). It instructs writing a draft file (memory/xiaohongshu-draft.md), generating/saving cover images to disk, sending posts to the user's messaging channel, and controlling a logged-in browser for publishing. These actions are expected for a publisher skill, but they mean the agent will act through the user's logged-in browser session (powerful capability) and will write files to disk (cover image, draft). The doc emphasizes 'Never auto-publish,' which mitigates risk if followed.
✓ 安装机制
No install spec is provided (instruction-only skill). The included Python script uses Pillow and system fonts, which is proportional for cover generation. The script searches local font paths rather than downloading anything from the network; no external downloads or extraction steps are present.
✓ 凭证需求
The skill requests no environment variables or credentials. It requires access to an OpenClaw browser node and the user's logged-in browser session — appropriate for performing browser-based publishing but a capability the user should limit to trusted nodes/profiles.
ℹ 持久化与权限
The skill does not set always:true, and model invocation is allowed (platform default). The SKILL.md documents cron integration for scheduled drafting/announcements; while the skill itself does not auto-publish, scheduled runs could produce drafts and send review messages automatically. Users should confirm scheduling and approval workflows to avoid unintended autonomous publishing.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/12
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install xiaohongshu-publisher
镜像加速npx clawhub@latest install xiaohongshu-publisher --registry https://cn.longxiaskill.com