xhs-interact

Warn

Audited by Socket on Apr 22, 2026

1 alert found:

Anomaly

AnomalySKILL.md

LOW

AnomalyLOW

SKILL.md

该技能目的与能力基本一致，未见明显恶意安装链或显式凭证窃取。但它依赖未公开实现的本地脚本处理敏感 `xsec_token`，且可直接对真实小红书账号执行外部互动；运行时网络终点不透明，导致数据流完整性与凭证处理存在中等风险。整体判断为 SUSPICIOUS 而非明确恶意。

Confidence: 81%Severity: 58%

Audit Metadata

Analyzed At

Apr 22, 2026, 07:36 AM

Package URL

pkg:socket/skills-sh/autoclaw-cc%2Fxiaohongshu-skills%2Fxhs-interact%2F@9d851db7ad1dc7b877a175e5ee33334eae11bc2d