xiaohongshu-win Security Report — High Risk | ClawSafe

68 /100

xiaohongshu-win

小红书 Windows 原生工具 - Playwright-based Xiaohongshu content search, topic reports, and note publishing

Hardcoded placeholder IP (120.0.0.0) combined with anti-detection browser flags and undocumented behavior indicates potential C2 infrastructure testing template, though current code shows no active malicious exfiltration.

Skill Namexiaohongshu-win

Duration46.9s

Enginepi

⛔

Do not install this skill

Investigate the hardcoded IP at xhs-core.js:57, which is a clear placeholder. Remove --disable-blink-features=AutomationControlled if not justified. Add version pinning to package.json. Document all network communications.

Attack Chain 4 steps

◎

Entry Skill distributed via SKILL.md with benign description of social media tool

SKILL.md:1

⬡

Escalation Hardcoded IP 120.0.0.0 at line 57 suggests C2 infrastructure placeholder - IP not currently used but indicates pre-planned exfiltration path

scripts/xhs-core.js:57

⬡

Escalation Login credentials stored in plaintext cookies.json, accessible to other processes

scripts/xhs-core.js:27

⬡

Escalation Browser launched with --disable-blink-features=AutomationControlled to hide automation from detection

scripts/xhs-core.js:45

Findings 6 items

Severity	Finding	Location
High	Hardcoded placeholder IP address Obfuscation Line 57 in xhs-core.js declares 'const IP = "120.0.0.0"' which is a clearly fake/placeholder IP address. This pattern is consistent with C2 infrastructure testing or a malicious template awaiting real infrastructure configuration. `const IP = '120.0.0.0'` → Remove or replace with legitimate API endpoint. 120.0.0.0 is a routing IP, not a valid destination.	`scripts/xhs-core.js:57`
High	SKILL.md features not implemented in code Doc Mismatch SKILL.md claims 'Browser Relay' and '定时任务' (scheduled tasks) features, but these are not implemented in xhs-core.js or xhs.js. The documentation materially overstates capabilities. `Browser Relay - 支持复用本地 Chrome 浏览器 / 定时任务 - 支持 Cron 定时自动搜索热点` → Remove undeclared features from SKILL.md or implement them.	`SKILL.md:18`
High	Browser anti-detection flag present Obfuscation Launches Chromium with --disable-blink-features=AutomationControlled, which hides browser automation from websites. This is commonly used to evade bot detection but may also serve to hide suspicious browsing activity. `args: ['--no-sandbox', '--disable-blink-features=AutomationControlled']` → Justify this flag in documentation or remove if not necessary.	`scripts/xhs-core.js:45`
Medium	Unpinned playwright dependency Supply Chain package.json uses playwright:^1.40.0 without exact version pinning. Allows supply chain substitution. `"playwright": "^1.40.0"` → Pin to exact version: "playwright": "1.40.0"	`scripts/package.json:10`
Medium	Plaintext cookie storage without encryption Sensitive Access Cookies including web_session tokens are stored in plaintext JSON at %USERPROFILE%\.xiaohongshu-win\cookies.json. These credentials could be harvested by other processes. `fs.writeFileSync(COOKIE_FILE, JSON.stringify(cookies, null, 2), 'utf8');` → Use OS credential store (DPAPI on Windows) or encrypt cookies at rest.	`scripts/xhs-core.js:27`
Low	Migration script executes at require time Doc Mismatch migrate-and-test.js contains top-level code that executes immediately when the file is loaded (copies old cookies, then runs status check). Side effects on require could be unexpected. `require('./xhs.js');` → Wrap execution in a function or main block to prevent side effects on import.	`scripts/migrate-and-test.js:16`

Resource	Declared	Inferred	Status	Evidence
Browser	`READ`	`WRITE`	✓ Aligned	Playwright persistentContext throughout
Network	`READ`	`WRITE`	✓ Aligned	xiaohongshu.com API calls, hardcoded IP at line 57
Filesystem	`WRITE`	`WRITE`	✓ Aligned	cookies.json, browser-profile, search results stored in %USERPROFILE%
Shell	`NONE`	`NONE`	—	No shell:WRITE usage - Node.js with Playwright only

1 High 10 findings

📡

High IP Address 硬编码 IP 地址

120.0.0.0

scripts/xhs-core.js:57

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/69aee455000000001b016268

SKILL.md:111

🔗

Medium External URL 外部 URL

https://nodejs.org（LTS

references/setup.md:6

🔗

Medium External URL 外部 URL

https://npmmirror.com/mirrors/playwright

references/setup.md:52

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com

scripts/xhs-core.js:20

🔗

Medium External URL 外部 URL

https://edith.xiaohongshu.com

scripts/xhs-core.js:21

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/

scripts/xhs-core.js:107

🔗

Medium External URL 外部 URL

https://creator.xiaohongshu.com/publish/publish

scripts/xhs-core.js:304

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/xxx

scripts/xhs.js:36

🔗

Medium External URL 外部 URL

https://www.xiaohongshu.com/explore/$

scripts/xhs.js:61

File Tree

6 files · 28.4 KB · 779 lines

JavaScript 3f · 574L Markdown 2f · 193L JSON 1f · 12L

├─ ▾ 📁 references

│ └─ 📝 setup.md Markdown 61L · 1.4 KB

├─ ▾ 📁 scripts

│ ├─ 📜 migrate-and-test.js JavaScript 18L · 666 B

│ ├─ 📋 package.json JSON 12L · 266 B

│ ├─ 📜 xhs-core.js JavaScript 373L · 14.3 KB

│ └─ 📜 xhs.js JavaScript 183L · 7.7 KB

└─ 📝 SKILL.md Markdown 132L · 4.1 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`playwright`	`^1.40.0`	npm	No	Version not pinned - caret range allows updates

Security Positives

✓ No base64-encoded strings or eval() usage found

✓ No curl|bash or wget|sh remote script execution

✓ No environment variable iteration for credential harvesting

✓ No ~/.ssh, ~/.aws, or .env file access

✓ No reverse shell or direct IP network requests to external infrastructure (IP is a placeholder)

✓ Network requests target legitimate Xiaohongshu domains only

✓ Playwright browser automation is a standard legitimate approach for social media tools

Scan Report

Attack Chain 4 steps

Findings 6 items

File Tree

Dependencies 1 items

Security Positives