Security Decision Report

xiaohongshu-win

A hardcoded but unreferenced IP literal (120.0.0.0), an anti-bot-detection browser flag and behaviour that SKILL.md does not describe together suggest a template that could later be pointed at attacker infrastructure; the current code contains no active malicious exfiltration, and every request it does make goes to Xiaohongshu domains.

Install decision first · Source: manual upload · Scan time: 2026/4/4
Files: 6
IOCs: 10
Privilege-overreach items: 0
Findings: 6
Most direct threat evidence
01
Skill distributed via SKILL.md with a benign description of a social-media tool · Initial entry · SKILL.md
02
Hardcoded IP 120.0.0.0 at line 57 is not referenced by any request; it reads as a placeholder for infrastructure to be filled in later rather than an active exfiltration path · Recon · scripts/xhs-core.js
03
Login credentials stored in plaintext cookies.json, readable by any other process running as the same user · Persistence · scripts/xhs-core.js

Why this conclusion

2 of 4 dimensions triggered

Pass
Declared vs actual capabilities

Declared resources broadly match inferred capabilities. (The capability table further down nonetheless records browser and network access as declared READ but inferred WRITE; see that section before relying on this Pass.)

Block
Hidden execution and outbound connections

1 high-risk IOC or outbound-connection signal extracted.

Block
Attack chain and high-risk findings

The report contains a 4-step attack chain plus 3 high or critical findings.

Review
Dependency and supply-chain hygiene

1 dependency or supply-chain item needs attention.

Attack chain

01
Skill distributed via SKILL.md with a benign description of a social-media tool

Initial entry · SKILL.md:1

02
Hardcoded IP 120.0.0.0 at line 57 is not referenced by any request; it reads as a placeholder for infrastructure to be filled in later rather than an active exfiltration path

Recon · scripts/xhs-core.js:57

03
Login credentials stored in plaintext cookies.json, readable by any other process running as the same user

Persistence · scripts/xhs-core.js:27

04
Browser launched with --disable-blink-features=AutomationControlled to hide automation from the target site

Evasion · scripts/xhs-core.js:45

How the risk score was raised

Hardcoded placeholder IP address +25

Line 57 hardcodes IP 120.0.0.0. It is not loopback and not a reserved range; it is the all-zero network address of the publicly allocated 120.0.0.0/8 block, which no real host answers on, so it reads as a placeholder awaiting real infrastructure

Anti-detection browser flag +20

--disable-blink-features=AutomationControlled stops Blink from exposing navigator.webdriver, the signal sites use to spot automation

Doc-to-code mismatch +15

SKILL.md declares 'Browser Relay' and '定时任务' (scheduled tasks) features that are not implemented in the code

Unpinned dependencies +8

package.json declares playwright ^1.40.0, and the file listing contains no package-lock.json to fix what is actually installed

Key evidence

High · Code obfuscation

Hardcoded placeholder IP address

Line 57 in xhs-core.js declares const IP = "120.0.0.0" and nothing in the file uses it. The value is not loopback, private or documentation space: it is the network address of 120.0.0.0/8 (publicly allocated space, APNIC), an address no real host is reachable on. An unused constant of that shape is consistent with a template whose real endpoint has not been filled in, which is why it is weighted as a C2 precursor rather than as active exfiltration.

scripts/xhs-core.js:57
Remove the constant, or replace it with the documented API endpoint. 120.0.0.0 is the all-zero network address of a /8, not a host. Any later revision that starts sending traffic to a bare IP literal should be treated as a blocking finding.
High · Documentation deception

SKILL.md features not implemented in code

SKILL.md claims 'Browser Relay' and '定时任务' (scheduled tasks) features, but neither is implemented in xhs-core.js or xhs.js. The documentation materially overstates the tool's capabilities, so a reader of SKILL.md cannot use it to predict what the code will do.

SKILL.md:18
Remove the undeclared features from SKILL.md or implement them.
High · Code obfuscation

Browser anti-detection flag present

Launches Chromium with --disable-blink-features=AutomationControlled, which keeps Blink from setting navigator.webdriver to true, the standard signal sites use to detect automation. The flag is common in scraping tools that want to avoid bot blocking and proves nothing malicious by itself, but it also hides the automated session from the target site's own abuse controls.

scripts/xhs-core.js:45
Justify the flag in the documentation or remove it if it is not necessary.
Medium · Supply chain

Unpinned playwright dependency

package.json declares "playwright": "^1.40.0". The caret range resolves to the newest 1.x release at install time, and the file listing contains no package-lock.json, so the code that actually runs is whatever the registry serves on the day of install rather than what was reviewed.

scripts/package.json:10
Pin to an exact version ("playwright": "1.40.0"), commit a package-lock.json, and install with npm ci so the recorded integrity hashes are enforced.
Medium · Sensitive access

Plaintext cookie storage without encryption

Cookies, including the web_session token, are written as plaintext JSON to %USERPROFILE%\.xiaohongshu-win\cookies.json. Any process running as the same user can read the file and replay the session.

scripts/xhs-core.js:27
Use the OS credential store (DPAPI on Windows) or encrypt the cookies at rest with a key held outside the file.
Low · Documentation deception

Migration script executes at require time

migrate-and-test.js contains top-level code that runs as soon as the file is loaded (copies the old cookies, then runs a status check). Side effects on require are surprising and make the module unsafe to import from tests or other tooling.

scripts/migrate-and-test.js:16
Move the work into a function and run it only under a require.main === module guard so that importing the file has no side effects.

Declared capability vs actual capability

Resource           Status  Declared  Inferred  Evidence
Browser            Pass    READ      WRITE     Playwright persistentContext throughout
Network access     Pass    READ      WRITE     xiaohongshu.com API calls, hardcoded IP at line 57
File system        Pass    WRITE     WRITE     cookies.json, browser-profile, search results stored in %USERPROFILE%
Command execution  Pass    NONE      NONE      No shell:WRITE usage; Node.js with Playwright only

Browser and network are both declared READ but inferred WRITE (the publish flow at creator.xiaohongshu.com/publish/publish writes to the site), yet the scanner still marks both rows Pass. Treat those two rows as a doc-to-code mismatch alongside the SKILL.md finding.

Suspicious artifacts and outbound connections

Severity  Type          Indicator                                                      Location
High      IP address    120.0.0.0 (declared, never used in a request)                  scripts/xhs-core.js:57
Medium    External URL  https://www.xiaohongshu.com/explore/69aee455000000001b016268   SKILL.md:111
Medium    External URL  https://nodejs.org (the scanner captured it fused with the following "(LTS" text)   references/setup.md:6
Medium    External URL  https://npmmirror.com/mirrors/playwright                       references/setup.md:52
Medium    External URL  https://www.xiaohongshu.com                                    scripts/xhs-core.js:20
Medium    External URL  https://edith.xiaohongshu.com                                  scripts/xhs-core.js:21
Medium    External URL  https://www.xiaohongshu.com/                                   scripts/xhs-core.js:107
Medium    External URL  https://creator.xiaohongshu.com/publish/publish                scripts/xhs-core.js:304
Medium    External URL  https://www.xiaohongshu.com/explore/xxx (appears to be a placeholder in usage text)   scripts/xhs.js:36
Medium    External URL  https://www.xiaohongshu.com/explore/$ (appears to be a template-literal prefix with the note id interpolated at runtime)   scripts/xhs.js:61

Dependencies and supply chain

Package     Version  Source  Vulnerabilities  Notes
playwright  ^1.40.0  npm     (none listed)    Version not pinned; caret range allows updates

File composition

6 files · 779 lines
JavaScript: 3 files · 574 lines
Markdown: 2 files · 193 lines
JSON: 1 file · 12 lines

Files needing attention · 6
scripts/xhs-core.js (JavaScript · 373 lines)
Hardcoded placeholder IP address · Browser anti-detection flag present · Plaintext cookie storage without encryption · 120.0.0.0 · https://www.xiaohongshu.com · https://edith.xiaohongshu.com · https://www.xiaohongshu.com/ · https://creator.xiaohongshu.com/publish/publish
scripts/xhs.js (JavaScript · 183 lines)
https://www.xiaohongshu.com/explore/xxx · https://www.xiaohongshu.com/explore/$
SKILL.md (Markdown · 132 lines)
SKILL.md features not implemented in code · https://www.xiaohongshu.com/explore/69aee455000000001b016268
references/setup.md (Markdown · 61 lines)
https://nodejs.org · https://npmmirror.com/mirrors/playwright
scripts/migrate-and-test.js (JavaScript · 18 lines)
Migration script executes at require time
scripts/package.json (JSON · 12 lines)
Unpinned playwright dependency

Security highlights

No base64-encoded strings or eval() usage found
No curl|bash or wget|sh remote script execution
No environment-variable iteration for credential harvesting
No ~/.ssh, ~/.aws, or .env file access
No reverse shell and no network requests to a bare IP (the 120.0.0.0 literal is declared but never used)
Network requests target legitimate Xiaohongshu domains only
Playwright browser automation is a standard, legitimate approach for social-media tools