xhs-publish

SUSPICIOUS: The skill is largely coherent for Xiaohongshu publishing and does not show obvious credential harvesting or hostile third-party routing, but it performs real-world public posting through an unspecified local automation script and also consumes untrusted web content. The confirmation gate lowers risk, yet the undocumented local CLI trust surface and action capability keep this above benign.