Skill Trust Decision

xiaohongshu-win

Hardcoded placeholder IP (120.0.0.0) combined with anti-detection browser flags and undocumented behavior indicates a potential C2 infrastructure testing template, though the current code shows no active malicious exfiltration.

Install decision first
Source: Manual upload · Scanned: Apr 4, 2026
Files: 6 · Artifacts: 10 · Violations: 0 · Findings: 6
Most direct threat evidence

01 · Entry · SKILL.md
Skill distributed via SKILL.md with benign description of social media tool

02 · Recon · scripts/xhs-core.js
Hardcoded IP 120.0.0.0 at line 57 suggests C2 infrastructure placeholder - IP not currently used but indicates pre-planned exfiltration path

03 · Persistence · scripts/xhs-core.js
Login credentials stored in plaintext cookies.json, accessible to other processes

Why this conclusion was reached

2/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Block
Attack chain and severe findings

The report includes 4 attack-chain steps and 3 severe findings.

Review
Dependencies and supply chain hygiene

1 dependency or supply-chain issue needs attention.

Attack Chain

01 · Entry · SKILL.md:1
Skill distributed via SKILL.md with benign description of social media tool

02 · Recon · scripts/xhs-core.js:57
Hardcoded IP 120.0.0.0 at line 57 suggests C2 infrastructure placeholder - IP not currently used but indicates pre-planned exfiltration path

03 · Persistence · scripts/xhs-core.js:27
Login credentials stored in plaintext cookies.json, accessible to other processes

04 · Evasion · scripts/xhs-core.js:45
Browser launched with --disable-blink-features=AutomationControlled to hide automation from detection

What drove the risk score up

Hardcoded placeholder IP address +25

Line 57 hardcodes IP 120.0.0.0 - an obvious placeholder/router IP, consistent with C2 infrastructure testing

Anti-detection browser flag +20

--disable-blink-features=AutomationControlled hides browser automation from websites

Doc-to-code mismatch +15

SKILL.md declares 'Browser Relay' and '定时任务' features not implemented in code

Unpinned dependencies +8

package.json has playwright:^1.40.0 without version lock

Most important evidence

High · Obfuscation

Hardcoded placeholder IP address

Line 57 in xhs-core.js declares 'const IP = "120.0.0.0"' which is a clearly fake/placeholder IP address. This pattern is consistent with C2 infrastructure testing or a malicious template awaiting real infrastructure configuration.

Location: scripts/xhs-core.js:57
Recommendation: Remove or replace with legitimate API endpoint. 120.0.0.0 is a routing IP, not a valid destination.

High · Doc Mismatch

SKILL.md features not implemented in code

SKILL.md claims 'Browser Relay' and '定时任务' (scheduled tasks) features, but these are not implemented in xhs-core.js or xhs.js. The documentation materially overstates capabilities.

Location: SKILL.md:18
Recommendation: Remove undeclared features from SKILL.md or implement them.

High · Obfuscation

Browser anti-detection flag present

Launches Chromium with --disable-blink-features=AutomationControlled, which hides browser automation from websites. This is commonly used to evade bot detection but may also serve to hide suspicious browsing activity.

Location: scripts/xhs-core.js:45
Recommendation: Justify this flag in documentation or remove if not necessary.

Medium · Supply Chain

Unpinned playwright dependency

package.json uses playwright:^1.40.0 without exact version pinning. This allows supply-chain substitution through a newer release within the caret range.

Location: scripts/package.json:10
Recommendation: Pin to exact version: "playwright": "1.40.0"

Medium · Sensitive Access

Plaintext cookie storage without encryption

Cookies including web_session tokens are stored in plaintext JSON at %USERPROFILE%\.xiaohongshu-win\cookies.json. These credentials could be harvested by other processes.

Location: scripts/xhs-core.js:27
Recommendation: Use OS credential store (DPAPI on Windows) or encrypt cookies at rest.

Low · Doc Mismatch

Migration script executes at require time

migrate-and-test.js contains top-level code that executes immediately when the file is loaded (copies old cookies, then runs status check). Side effects on require could be unexpected.

Location: scripts/migrate-and-test.js:16
Recommendation: Wrap execution in a function or main block to prevent side effects on import.

Declared capability vs actual capability

Resource    Status  Declared  Inferred  Evidence
Browser     Pass    READ      WRITE     Playwright persistentContext throughout
Network     Pass    READ      WRITE     xiaohongshu.com API calls, hardcoded IP at line 57
Filesystem  Pass    WRITE     WRITE     cookies.json, browser-profile, search results stored in %USERPROFILE%
Shell       Pass    NONE      NONE      No shell:WRITE usage - Node.js with Playwright only

Suspicious artifacts and egress

High IP Address
120.0.0.0

scripts/xhs-core.js:57

Medium External URL
https://www.xiaohongshu.com/explore/69aee455000000001b016268

SKILL.md:111

Medium External URL
https://nodejs.org(LTS

references/setup.md:6

Medium External URL
https://npmmirror.com/mirrors/playwright

references/setup.md:52

Medium External URL
https://www.xiaohongshu.com

scripts/xhs-core.js:20

Medium External URL
https://edith.xiaohongshu.com

scripts/xhs-core.js:21

Medium External URL
https://www.xiaohongshu.com/

scripts/xhs-core.js:107

Medium External URL
https://creator.xiaohongshu.com/publish/publish

scripts/xhs-core.js:304

Medium External URL
https://www.xiaohongshu.com/explore/xxx

scripts/xhs.js:36

Medium External URL
https://www.xiaohongshu.com/explore/$

scripts/xhs.js:61

Dependencies and supply chain

Package     Version  Source  Known vuln  Notes
playwright  ^1.40.0  npm     No          Version not pinned - caret range allows updates

File composition

6 files · 779 lines
JavaScript · 3 files · 574 lines
Markdown · 2 files · 193 lines
JSON · 1 file · 12 lines
Files of concern · 6
scripts/xhs-core.js JavaScript · 373 lines
Hardcoded placeholder IP address · Browser anti-detection flag present · Plaintext cookie storage without encryption · 120.0.0.0 · https://www.xiaohongshu.com · https://edith.xiaohongshu.com · https://www.xiaohongshu.com/ · https://creator.xiaohongshu.com/publish/publish
scripts/xhs.js JavaScript · 183 lines
https://www.xiaohongshu.com/explore/xxx · https://www.xiaohongshu.com/explore/$
SKILL.md Markdown · 132 lines
SKILL.md features not implemented in code · https://www.xiaohongshu.com/explore/69aee455000000001b016268
references/setup.md Markdown · 61 lines
https://nodejs.org(LTS · https://npmmirror.com/mirrors/playwright
scripts/migrate-and-test.js JavaScript · 18 lines
Migration script executes at require time
scripts/package.json JSON · 12 lines
Unpinned playwright dependency

Security positives

No base64-encoded strings or eval() usage found
No curl|bash or wget|sh remote script execution
No environment variable iteration for credential harvesting
No ~/.ssh, ~/.aws, or .env file access
No reverse shell or direct IP network requests to external infrastructure (IP is a placeholder)
Network requests target legitimate Xiaohongshu domains only
Playwright browser automation is a standard legitimate approach for social media tools