High risk: risk score 68/100
Last scan: 1 day ago
xiaohongshu-win
Xiaohongshu Windows native tool - Playwright-based Xiaohongshu content search, topic reports, and note publishing
A hardcoded placeholder IP (120.0.0.0), combined with anti-detection browser flags and undocumented behavior, indicates a potential C2 infrastructure testing template, though the current code shows no active malicious exfiltration.
Skill name: xiaohongshu-win
Analysis time: 46.9s
Engine: pi
Do not install this skill.
Investigate the hardcoded IP at xhs-core.js:57, which is a clear placeholder. Remove --disable-blink-features=AutomationControlled if not justified. Add version pinning to package.json. Document all network communications.

Attack chain (4 steps)

Entry: Skill distributed via SKILL.md with a benign description of a social media tool
SKILL.md:1
Escalation: Hardcoded IP 120.0.0.0 at line 57 suggests a C2 infrastructure placeholder - the IP is not currently used but indicates a pre-planned exfiltration path
scripts/xhs-core.js:57
Escalation: Login credentials stored in plaintext cookies.json, accessible to other processes
scripts/xhs-core.js:27
Escalation: Browser launched with --disable-blink-features=AutomationControlled to hide automation from detection
scripts/xhs-core.js:45

Security findings (6)

Severity | Finding | Location
High
Hardcoded placeholder IP address (Code obfuscation)
Line 57 in xhs-core.js declares 'const IP = "120.0.0.0"', which is a clearly fake/placeholder IP address. This pattern is consistent with C2 infrastructure testing or a malicious template awaiting real infrastructure configuration.
const IP = '120.0.0.0'
→ Remove or replace with a legitimate API endpoint. 120.0.0.0 is a routing IP, not a valid destination.
scripts/xhs-core.js:57
High
SKILL.md features not implemented in code (Documentation deception)
SKILL.md claims 'Browser Relay' and '定时任务' (scheduled tasks) features, but these are not implemented in xhs-core.js or xhs.js. The documentation materially overstates capabilities.
Browser Relay - supports reusing a local Chrome browser / Scheduled tasks - supports Cron-scheduled automatic trending-topic searches
→ Remove undeclared features from SKILL.md or implement them.
SKILL.md:18
High
Browser anti-detection flag present (Code obfuscation)
Launches Chromium with --disable-blink-features=AutomationControlled, which hides browser automation from websites. This is commonly used to evade bot detection but may also serve to hide suspicious browsing activity.
args: ['--no-sandbox', '--disable-blink-features=AutomationControlled']
→ Justify this flag in the documentation or remove it if not necessary.
scripts/xhs-core.js:45
Medium
Unpinned playwright dependency (Supply chain)
package.json uses playwright:^1.40.0 without exact version pinning, which allows supply-chain substitution.
"playwright": "^1.40.0"
→ Pin to an exact version: "playwright": "1.40.0"
scripts/package.json:10
Medium
Plaintext cookie storage without encryption (Sensitive access)
Cookies, including web_session tokens, are stored in plaintext JSON at %USERPROFILE%\.xiaohongshu-win\cookies.json. These credentials could be harvested by other processes.
fs.writeFileSync(COOKIE_FILE, JSON.stringify(cookies, null, 2), 'utf8');
→ Use the OS credential store (DPAPI on Windows) or encrypt cookies at rest.
scripts/xhs-core.js:27
Low
Migration script executes at require time (Documentation deception)
migrate-and-test.js contains top-level code that executes immediately when the file is loaded (copies old cookies, then runs a status check). Side effects on require could be unexpected.
require('./xhs.js');
→ Wrap execution in a function or main block to prevent side effects on import.
scripts/migrate-and-test.js:16
Resource | Declared permission | Inferred permission | Status | Evidence
Browser | READ WRITE | READ WRITE | ✓ Consistent | Playwright persistentContext throughout
Network access | READ WRITE | READ WRITE | ✓ Consistent | xiaohongshu.com API calls, hardcoded IP at line 57
File system | WRITE | WRITE | ✓ Consistent | cookies.json, browser-profile, search results stored in %USERPROFILE%
Command execution | NONE | NONE | | No shell:WRITE usage - Node.js with Playwright only
Network indicators: 1 high, 10 findings
Severity | Type | Value | Location
High | Hardcoded IP address | 120.0.0.0 | scripts/xhs-core.js:57
Medium | External URL | https://www.xiaohongshu.com/explore/69aee455000000001b016268 | SKILL.md:111
Medium | External URL | https://nodejs.org(LTS | references/setup.md:6
Medium | External URL | https://npmmirror.com/mirrors/playwright | references/setup.md:52
Medium | External URL | https://www.xiaohongshu.com | scripts/xhs-core.js:20
Medium | External URL | https://edith.xiaohongshu.com | scripts/xhs-core.js:21
Medium | External URL | https://www.xiaohongshu.com/ | scripts/xhs-core.js:107
Medium | External URL | https://creator.xiaohongshu.com/publish/publish | scripts/xhs-core.js:304
Medium | External URL | https://www.xiaohongshu.com/explore/xxx | scripts/xhs.js:36
Medium | External URL | https://www.xiaohongshu.com/explore/$ | scripts/xhs.js:61

Directory structure

6 files · 28.4 KB · 779 lines
JavaScript 3 files · 574 lines; Markdown 2 files · 193 lines; JSON 1 file · 12 lines
├─ 📁 references
│ └─ 📝 setup.md Markdown 61L · 1.4 KB
├─ 📁 scripts
│ ├─ 📜 migrate-and-test.js JavaScript 18L · 666 B
│ ├─ 📋 package.json JSON 12L · 266 B
│ ├─ 📜 xhs-core.js JavaScript 373L · 14.3 KB
│ └─ 📜 xhs.js JavaScript 183L · 7.7 KB
└─ 📝 SKILL.md Markdown 132L · 4.1 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
playwright | ^1.40.0 | npm | - | Version not pinned - caret range allows updates

Security highlights

✓ No base64-encoded strings or eval() usage found
✓ No curl|bash or wget|sh remote script execution
✓ No environment variable iteration for credential harvesting
✓ No ~/.ssh, ~/.aws, or .env file access
✓ No reverse shell or direct IP network requests to external infrastructure (IP is a placeholder)
✓ Network requests target legitimate Xiaohongshu domains only
✓ Playwright browser automation is a standard legitimate approach for social media tools