Scan Report
0 /100
xhs-note-gen
小红书笔记生成服务,通过外部 API 生成小红书笔记内容
A straightforward XiaoHongShu note generation script that makes HTTP POST requests to an external API, with no malicious behavior, credential access, or hidden functionality.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file read/write operations in scripts/xhs_note_gen.py |
| Network | NONE | READ | ✓ Aligned | SKILL.md describes external API usage but does not formally declare network:READ… |
| Shell | NONE | NONE | — | No subprocess or shell execution found |
| Environment | NONE | NONE | — | No os.environ access in script |
| Skill Invoke | NONE | NONE | — | No skill invocation detected |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
1 findings
Medium External URL 外部 URL
https://xiaonian.cc/employee-console/dashboard/v2/api SKILL.md:13 File Tree
3 files · 6.5 KB · 209 lines Python 1f · 112L
Markdown 2f · 97L
├─
▾
references
│ └─
content-marketing-dashboard-api.md
Markdown
├─
▾
scripts
│ └─
xhs_note_gen.py
Python
└─
SKILL.md
Markdown
Security Positives
✓ No subprocess or shell execution — uses only stdlib urllib.request
✓ No credential harvesting or environment variable enumeration
✓ No sensitive file/path access (~/.ssh, ~/.aws, .env, etc.)
✓ No obfuscation (no base64, no eval, no encoded payloads)
✓ No data exfiltration — only sends task parameters to the declared API
✓ No supply chain risk — no external dependencies (stdlib only)
✓ Output is scoped and controlled — returns only generated note content
✓ Documentation is accurate; behavior matches declared intent