Suspicious — Risk Score 45/100
Last scan: 1 day ago
xhs-skill-pusher
Xiaohongshu content publishing skill - standardized cookie management + xhs-kit automated publishing
This is a Xiaohongshu content publishing skill that stores cookies locally and uses xhs-kit for automation. While not overtly malicious, it has significant doc-to-code mismatch on shell execution and undeclared behavior.
Skill Name: xhs-skill-pusher
Duration: 51.3s
Engine: pi
Use with caution
Before using, verify the xhs-kit source, pin dependency versions, and add explicit shell/filesystem declarations to SKILL.md

Findings 5 items

[Medium] Shell execution not declared in SKILL.md (Doc Mismatch)
Location: bin/xhs-pusher.mjs:24
SKILL.md declares all resources as NONE, but bin/xhs-pusher.mjs uses execSync() to execute shell commands (lines 24, 55, 69, 78, 90, 103, 115). Bash scripts also use subprocess.
Evidence: execSync('which xhs-kit', { stdio: 'ignore' })
→ Declare shell:WRITE in SKILL.md capabilities

[Medium] xhs-kit installed without version pinning (Supply Chain)
Location: SKILL.md:50
SKILL.md and scripts use 'pip install xhs-kit' without version constraints. An attacker compromising the PyPI package could push malicious updates.
Evidence: pip install xhs-kit
→ Use 'pip install xhs-kit==X.Y.Z' with pinned version and hash verification

[Medium] ~/.openclaw/workspace reference without disclosure (Sensitive Access)
Location: bin/xhs-pusher.mjs:162
The init command references copying scripts from ~/.openclaw/workspace/ but this cross-skill integration is not documented. Could access or execute code from the parent workspace.
Evidence: cp ~/.openclaw/workspace/${script} scripts/
→ Document workspace integration or remove this path reference

[Low] NPM dependencies use unpinned version ranges (Supply Chain)
Location: package.json:18
package.json uses caret ranges (^11.1.0, ^5.3.0) for all dependencies. No integrity hashes in package-lock.json.
Evidence: "commander": "^11.1.0"
→ Pin exact versions and include package-lock.json with integrity hashes

[Low] Cookie storage without encryption or secure handling (Credential Theft)
Location: scripts/xhs_save_cookie.sh:88
Authentication cookies are saved as plaintext JSON files in xhs_cookies/. No mention of encryption-at-rest or secure deletion.
Evidence: echo "$cookie_json" > "$filepath"
→ Add encryption for stored cookies and warn users about file permissions

Resource     Declared  Inferred  Status       Evidence
Shell        NONE      WRITE     ✗ Violation  bin/xhs-pusher.mjs:24 execSync
Filesystem   NONE      WRITE     ✗ Violation  scripts/xhs_save_cookie.sh:90 mkdir + file write
Network      NONE      READ      ✗ Violation  xhs-kit makes API calls to xiaohongshu.com
Environment  NONE      READ      ✓ Aligned    xhs-kit may read env vars for auth
Info findings: 1 item

[Info] Email (email address)
Location: PUSH_GUIDE.md:47
Evidence: [email protected]

File Tree

12 files · 73.4 KB · 2815 lines
Shell: 5 files, 1308 lines · Markdown: 5 files, 1097 lines · JavaScript: 1 file, 373 lines · JSON: 1 file, 37 lines
├─ 📁 bin
│ └─ 📜 xhs-pusher.mjs JavaScript 373L · 10.2 KB
├─ 📁 docs
│ ├─ 📝 QUICK_START.md Markdown 165L · 3.7 KB
│ └─ 📝 XHS_FINAL_SOLUTION.md Markdown 237L · 6.4 KB
├─ 📁 scripts
│ ├─ 🔧 xhs_final.sh Shell 19L · 515 B
│ ├─ 🔧 xhs_manage.sh Shell 474L · 14.2 KB
│ ├─ 🔧 xhs_save_cookie.sh Shell 310L · 7.4 KB
│ └─ 🔧 xhs_simple.sh Shell 453L · 11.3 KB
├─ 📋 package.json JSON 37L · 842 B
├─ 📝 PUSH_GUIDE.md Markdown 188L · 4.5 KB
├─ 🔧 push_to_github.sh Shell 52L · 1.4 KB
├─ 📝 README.md Markdown 168L · 4.5 KB
└─ 📝 SKILL.md Markdown 339L · 8.4 KB

Dependencies 4 items

Package     Version  Source  Known Vulns  Notes
xhs-kit     *        pip     No           Not pinned - could be replaced with malicious version
playwright  *        pip     No           Not pinned
commander   ^11.1.0  npm     No           Caret range without lock file hash
chalk       ^5.3.0   npm     No           Caret range without lock file hash

Security Positives

✓ No base64-encoded payloads or obfuscation found
✓ No direct IP connections or C2 communication patterns
✓ No credential harvesting loops over environment variables
✓ No curl|bash or wget|sh remote script execution
✓ No hidden instructions in HTML comments or binary blobs
✓ No attempts to access ~/.ssh, ~/.aws, or other credential paths
✓ Uses a legitimate, documented automation library (xhs-kit) for a real platform