xhs-cli

Warn

Audited by Socket on Mar 16, 2026

2 alerts found:

Anomaly x2

Anomaly LOW
README.md

The codebase (as described in the README) represents a legitimate automation tool for interacting with Xiaohongshu via browser automation. While not inherently malicious, it enables data scraping and automated actions that could violate terms of service and raise privacy concerns. The main security considerations are handling of session cookies/tokens, secure storage of credentials, and ensuring compliance with platform policies. There is no evidence of malware in the provided fragment, but the tool’s capabilities could be abused if misused or if credentials are leaked.

Confidence: 52%
Severity: 62%

Anomaly LOW
SKILL.md

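The skill's core capabilities are broadly consistent with its stated purpose as a "Xiaohongshu CLI", and there is no obvious relaying of credentials to third parties or clear sign of malicious data collection, so it does not look like a confirmed malicious package. However, it relies on browser automation to bypass the official API, persists login cookies, and supports --auto automatic posting, which gives it a medium-to-high risk profile, particularly with respect to account takeover, unintended posting, and session leakage. Overall verdict: SUSPICIOUS rather than MALICIOUS.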

Confidence: 82%
Severity: 63%

Audit Metadata
Analyzed At
Mar 16, 2026, 04:48 AM
Package URL
pkg:socket/skills-sh/0xranx%2Fagent-kit%2Fxhs-cli%2F@3d19ca9392d86fa3e718cb85582daef3886db10f