中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 10/100
Last scan:19 hr ago Rescan
10 /100
xhs-autopilot
Full-autonomous Xiaohongshu (Little Red Book/RED) AI-native content system. 30-min operation loop with self-improvement, multi-modal content generation, and automated publishing.
Documentation-only skill package for Xiaohongshu social media automation with no executable code present and no malicious indicators found.
Skill Namexhs-autopilot
Duration34.0s
Enginepi
Safe to install
This is a documentation package with no actual scripts. Verify script availability before deployment.

Findings 1 items

Severity Finding Location
Low
Referenced scripts not present in package Doc Mismatch
SKILL.md lists multiple scripts (search/run.py, cover/run.py, publish/run.py, etc.) as available tools, but none of these files exist in the package. This is either a documentation template or the scripts were removed.
scripts/search/run.py, scripts/cover/run.py, scripts/publish/run.py
→ Verify that scripts exist before execution or clarify that this is documentation-only
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No scripts to infer filesystem access
Network READ READ ✓ Aligned Documentation mentions WebFetch/web requests for research
Shell NONE NONE References bash commands but no scripts present
Browser WRITE WRITE ✓ Aligned CDP browser control via localhost:9222 is documented
1 findings
🔗
Medium External URL 外部 URL
https://creator.xiaohongshu.com/publish/publish
references/develop_protocol/DEVELOPER_BIBLE.md:110

File Tree

3 files · 14.2 KB · 490 lines
Markdown 2f · 489L JSON 1f · 1L
├─ 📁 references
│ └─ 📁 develop_protocol
│ └─ 📝 DEVELOPER_BIBLE.md Markdown 216L · 6.9 KB
├─ 📋 _meta.json JSON 1L · 362 B
└─ 📝 SKILL.md Markdown 273L · 6.9 KB

Security Positives

✓ All browser automation capabilities are thoroughly documented
✓ Anti-detection measures (human-like delays, viewport traps) are well-specified
✓ No obfuscation or suspicious encoding patterns detected
✓ No credential harvesting or data exfiltration mentioned
✓ Memory architecture provides good separation of concerns
✓ Exit codes and status tags provide clear observability