write-xiaohongshu
Audited by Socket on Mar 3, 2026
1 alert found:

- Obfuscated File

The skill is consistent with its stated purpose and contains expected high-privilege operations (reading posts/comments and publishing). Primary risks are operational: (1) autonomy risk from publish capability — require explicit per-post user confirmation and audit logs; (2) credential/token handling — enforce least privilege, secure storage, and short token lifetimes; (3) data privacy — avoid storing verbatim comments, redact identifiers; (4) external image sourcing — prefer known stock providers, rehost or scan images. I found no evidence of obfuscated code, embedded backdoors, or explicit exfiltration endpoints in the provided specification. Treat as low-to-moderate security risk that can be mitigated by the recommendations above.