Suspicious — Risk Score 40/100
Last scan: 2 days ago
xhs-crawler
Xiaohongshu keyword crawling Skill: browser-simulated search + Feishu push
Hardcoded Feishu App Secret exposed in both source code and SKILL.md documentation, plus unpinned Python dependencies with no network isolation, constitute undeclared sensitive credential exposure and dependency supply chain risk.
Skill Name: xhs-crawler
Duration: 64.6s
Engine: pi
Use with caution
Move Feishu App ID/Secret to environment variables or a .env file, pin all dependency versions (playwright, requests), and remove credentials from SKILL.md before deployment.

Findings 5 items

Severity Finding Location
High
Feishu App Secret hardcoded and documented
FEISHU_APP_ID='cli_a924d921ce7a9cbd' and FEISHU_APP_SECRET='5QG92Lp8kvhAkgpPJTd57fIxshnCebEt' are hardcoded in config.py lines 89-90. SKILL.md lines 64-67 reproduce the exact same credentials in a documentation example block, meaning anyone with repo access or who receives this skill sees the live credentials. This creates a credential-leak blast radius: the Feishu bot can send messages to any group the bot has been added to.
FEISHU_APP_ID = "cli_a924d921ce7a9cbd"
FEISHU_APP_SECRET = "5QG92Lp8kvhAkgpPJTd57fIxshnCebEt"
→ Move credentials to environment variables (os.environ.get('FEISHU_APP_ID')) or a .env file added to .gitignore, and remove the credential block from the SKILL.md example
config.py:89
High
No dependency pinning — supply chain risk
package.json has empty dependencies {}; no requirements.txt exists. SKILL.md instructs 'pip install playwright requests' without version pins. This allows dependency confusion attacks or a malicious future release of a transitive dependency to be silently installed.
"dependencies": {}
→ Add requirements.txt with pinned versions (e.g., playwright==1.40.0 requests==2.31.0) and update package.json dependencies
package.json:9
Medium
Node.js exec() with arbitrary command injection surface
index.js:runPythonScript builds a shell command string with the user-supplied keyword interpolated directly into exec(). Although the keyword is URI-component free in the current code flow, a future change could introduce command injection. The command also uses a 2-minute timeout and a 10 MB buffer, which are appropriate.
const cmd = `"${this.pythonEnv}" "${this.pythonScript}" "${command}"`;
→ Use spawn() with an explicit argument array instead of shell string interpolation, or validate the keyword as a string containing only alphanumeric and Chinese characters
index.js:122
Medium
Chrome profile directory stored in user home
XHS_USER_DATA_DIR defaults to Path.home() / 'xhs_chrome_profile', meaning the skill stores browser session data under the user's home directory. This is necessary for cookie persistence but expands the blast radius if the profile is compromised.
XHS_USER_DATA_DIR = Path.home() / "xhs_chrome_profile"
→ Document this clearly and consider using a scoped subdirectory within the skill folder instead of ~/
config.py:18
Low
Pre-scan false positive: IP address misidentified
The pre-scan flagged '143.0.0.0' at config.py:50 as a hardcoded IP. This is actually the Chromium browser version number (143.0.0.0) embedded in the User-Agent string, not a network IP address. No malicious IP C2 indicator.
"user-agent": "...Chrome/143.0.0.0..."
→ No action needed; this is a version number, not an IP
config.py:46
Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | WRITE | ✓ Aligned | cookie_manager.py writes cookie.txt; logs/xhs_crawler.log created; all within sk…
Network | READ | READ | ✓ Aligned | requests to xiaohongshu.com (search API + browser), open.feishu.cn (Feishu OpenA…
Shell | WRITE | WRITE | ✓ Aligned | index.js uses child_process.exec() to run python script; python itself uses play…
Environment | NONE | READ | ✓ Aligned | config.py reads no env vars; but feishu_app_bot.py sends App ID/Secret in POST b…
Pre-scan indicators: 1 High, 14 findings

Severity | Type | Value | Location
High | IP Address (hardcoded IP address) | 143.0.0.0 | config.py:50
Medium | External URL | https://www.xiaohongshu.com/explore | auto_login_with_qrcode.py:96
Medium | External URL | https://edith.xiaohongshu.com/api/sns/web/v1/search/notes | config.py:30
Medium | External URL | https://edith.xiaohongshu.com/api/sns/web/v1/feed | config.py:31
Medium | External URL | https://www.xiaohongshu.com | config.py:40
Medium | External URL | https://www.xiaohongshu.com/ | config.py:43
Medium | External URL | https://www.xiaohongshu.com/user/profile | cookie_manager.py:82
Medium | External URL | https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal | feishu_app_bot.py:67
Medium | External URL | https://open.feishu.cn/open-apis/im/v1/messages | feishu_app_bot.py:109
Medium | External URL | https://open.feishu.cn/open-apis/im/v1/images | feishu_app_bot.py:222
Medium | External URL | https://open.feishu.cn/open-apis/im/v1/chats | feishu_app_bot.py:368
Medium | External URL | https://www.xiaohongshu.com/explore/ | xhs_crawler.py:181
Medium | External URL | https://www.xiaohongshu.com/search_result?keyword= | xhs_search_with_browser.py:86
Medium | External URL | https://open.feishu.cn/ | 使用文档.md:67

File Tree

15 files · 94.0 KB · 3138 lines
Python: 10 files, 2525 lines · Markdown: 2 files, 420 lines · JavaScript: 1 file, 175 lines · JSON: 1 file, 17 lines · Text: 1 file, 1 line
├─ 🐍 __init__.py Python 26L · 590 B
├─ 🐍 auto_login_with_qrcode.py Python 319L · 10.2 KB
├─ 🐍 config.py Python 98L · 2.9 KB
├─ 🐍 cookie_manager.py Python 327L · 10.1 KB
├─ 📄 cookie.txt Text 1L · 880 B
├─ 🐍 example_openclaw_skill.py Python 218L · 6.3 KB
├─ 🐍 feishu_app_bot.py Python 444L · 13.2 KB
├─ 🐍 feishu_bot.py Python 300L · 8.1 KB
├─ 📜 index.js JavaScript 175L · 5.6 KB
├─ 🐍 login.py Python 125L · 3.9 KB
├─ 📋 package.json JSON 17L · 412 B
├─ 📝 SKILL.md Markdown 179L · 4.5 KB
├─ 🐍 xhs_crawler.py Python 413L · 12.5 KB
├─ 🐍 xhs_search_with_browser.py Python 255L · 8.9 KB
└─ 📝 使用文档.md Markdown 241L · 6.2 KB

Dependencies 3 items

Package | Version | Source | Known Vulns | Notes
playwright | * | pip | No | No version pinned — SKILL.md says 'pip install playwright' without version
requests | * | pip | No | No version pinned — SKILL.md says 'pip install requests' without version
node | * | system | No | No Node.js package.json dependencies declared

Security Positives

✓ All capabilities declared in SKILL.md align with actual implementation — no hidden functionality detected
✓ No base64-encoded payloads, no eval(), no obfuscated JavaScript
✓ No credential harvesting beyond the Feishu app credentials (which are for the bot's own API, not user data theft)
✓ No curl|bash or wget|sh remote script downloads
✓ No access to ~/.ssh, ~/.aws, or other sensitive host credential paths
✓ No reverse shell, no C2 callbacks, no data exfiltration to unknown third-party servers
✓ Playwright import is safely guarded with try/except and PLAYWRIGHT_AVAILABLE flag
✓ Browser automation uses isolated user_data_dir per session for login flow