Scan Report
0 /100
xiaohongshu-creator-finder
Xiaohongshu AI creator identification - automatically searches for and identifies AI original-animation creators on the Xiaohongshu platform according to preset rules
A legitimate Xiaohongshu (Little Red Book) creator-scraping tool that uses Playwright to browse, log in via QR code, search for AI creators by keyword, scrape public profile data, and export to Excel/JSON. No malicious behavior observed.
Safe to install
No action needed. The skill is a standard web scraper for Xiaohongshu platform data. Consider pinning dependency versions for reproducibility.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Dependencies use loose version specifiers (Supply Chain) | docs/requirements.txt:1 |
| Low | Cookies stored in plaintext JSON file (Credential Theft) | config/cookies.json:1 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | SKILL.md declares browsing capability |
| Filesystem | WRITE | WRITE | ✓ Aligned | config/settings.json, output checkpoint/result files in src/xhs_creator_finder.p… |
| Shell | NONE | NONE | — | No subprocess or shell calls found |
| Environment | NONE | NONE | — | No os.environ access found |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | READ | READ | ✓ Aligned | Playwright chromium.launch in src/xhs_creator_finder.py:177 |
| Database | NONE | NONE | — | No database access found |
| Skill Invoke | NONE | NONE | — | No skill invocation found |

7 findings
| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | https://www.xiaohongshu.com/user/profile/... | docs/使用说明书.md:176 |
| Medium | External URL | https://www.xiaohongshu.com/explore/... | docs/使用说明书.md:178 |
| Medium | External URL | https://www.xiaohongshu.com/user/profile | src/xhs_creator_finder.py:192 |
| Medium | External URL | https://www.xiaohongshu.com/login | src/xhs_creator_finder.py:197 |
| Medium | External URL | https://www.xiaohongshu.com/search_result?keyword= | src/xhs_creator_finder.py:229 |
| Medium | External URL | https://www.xiaohongshu.com | src/xhs_creator_finder.py:249 |
| Medium | External URL | https://www.xiaohongshu.com/user/profile/ | src/xhs_creator_finder.py:326 |

File Tree
12 files · 41.8 KB · 1437 lines
Markdown 5f · 721L
Python 2f · 458L
JSON 4f · 255L
Text 1f · 3L
├─ config
│  ├─ config.example.json (JSON)
│  ├─ cookies.json (JSON)
│  └─ settings.json (JSON)
├─ docs
│  ├─ README.md (Markdown)
│  ├─ requirements.txt (Text)
│  ├─ SKILL.md (Markdown)
│  ├─ STATUS.md (Markdown)
│  └─ 使用说明书.md (Markdown)
├─ src
│  └─ xhs_creator_finder.py (Python)
├─ skill.json (JSON)
├─ SKILL.md (Markdown)
└─ skill.py (Python)
Dependencies 3 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| playwright | >=1.40.0 | pip | No | Version not pinned, loose specifier |
| pandas | >=2.0.0 | pip | No | Version not pinned, loose specifier |
| openpyxl | >=3.1.0 | pip | No | Version not pinned, loose specifier |
Security Positives
✓ No shell command execution (subprocess, os.system, etc.) - only Playwright browser automation
✓ No obfuscated code, base64 payloads, or eval() calls
✓ No access to sensitive local paths (~/.ssh, ~/.aws, .env, etc.)
✓ No data exfiltration - all network activity is to/from Xiaohongshu.com only
✓ No remote script execution (curl|bash, wget|sh)
✓ No credential harvesting beyond what is required for the Xiaohongshu login
✓ No persistence mechanisms (no cron jobs, startup hooks, or backdoors)
✓ No hidden functionality - SKILL.md accurately describes the tool's behavior
✓ Dependencies (playwright, pandas, openpyxl) have no known vulnerabilities
✓ Code is clean, readable, and well-documented with no suspicious patterns