Scan Report
This report was generated in Chinese. Some content may be in Chinese.
5 /100
xhs-skill-pusher
小红书内容发布技能 - 规范化cookie管理 + xhs-kit自动化发布
小红书内容发布技能,标准化Cookie管理和xhs-kit自动化发布,代码功能与文档一致,无恶意行为
Safe to install
可安全使用。注意:pip安装时建议指定版本以避免供应链风险
Findings 1 items
| Severity | Finding | Location |
|---|---|---|
| Low | Python依赖未指定版本锁定 Supply Chain | SKILL.md:42 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | scripts/xhs_save_cookie.sh:150 - echo "$cookie_json" > "$filepath" |
| Shell | WRITE | WRITE | ✓ Aligned | scripts/xhs_final.sh:18 - source xhs-env/bin/activate; exec ./xhs_simple.sh |
| Network | READ | READ | ✓ Aligned | bin/xhs-pusher.mjs:44 - execSync('which xhs-kit') |
1 findings
Info Email 邮箱地址
[email protected] PUSH_GUIDE.md:47 File Tree
12 files · 73.4 KB · 2815 lines Shell 5f · 1308L
Markdown 5f · 1097L
JavaScript 1f · 373L
JSON 1f · 37L
├─
▾
bin
│ └─
xhs-pusher.mjs
JavaScript
├─
▾
docs
│ ├─
QUICK_START.md
Markdown
│ └─
XHS_FINAL_SOLUTION.md
Markdown
├─
▾
scripts
│ ├─
xhs_final.sh
Shell
│ ├─
xhs_manage.sh
Shell
│ ├─
xhs_save_cookie.sh
Shell
│ └─
xhs_simple.sh
Shell
├─
package.json
JSON
├─
PUSH_GUIDE.md
Markdown
├─
push_to_github.sh
Shell
├─
README.md
Markdown
└─
SKILL.md
Markdown
Dependencies 4 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
xhs-kit | * | pip | No | 无版本锁定 |
playwright | * | pip | No | 无版本锁定 |
commander | ^11.1.0 | npm | No | 知名CLI库 |
chalk | ^5.3.0 | npm | No | 知名终端样式库 |
Security Positives
✓ 代码结构清晰,所有Shell操作均在脚本内部完成
✓ 功能与文档描述一致,无阴影功能
✓ Cookie仅存储在本地xhs_cookies目录,无外传行为
✓ 使用标准化xhs-kit库,无自定义恶意代码
✓ Node.js依赖来自npm官方仓库(commander, chalk等知名库)