xiaohongshu-publish
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses sensitive authentication data from a local file path at
~/.openclaw/secrets/xiaohongshu.json. This is required for the skill's primary purpose of social media automation but involves handling highly sensitive browser cookies. - [COMMAND_EXECUTION]: The Python script
publish_long_text.pyuses the Playwright library to launch and control a Chromium browser instance, which is used to automate web interactions and publish posts. - [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data.
- Ingestion points: The
titleandcontentparameters inpublish_long_text.pyreceive input from the AI agent, which may be derived from untrusted external sources. - Boundary markers: No technical boundary markers (e.g., XML tags or delimiters) are implemented in the code to separate instructions from data, though the
SKILL.mdincludes natural language warnings. - Capability inventory: The skill has the capability to perform browser automation and publish public content to a social media platform.
- Sanitization: The script performs basic length validation on the
titlebut lacks sanitization or escaping for thecontentfield before injecting it into the web editor. - [DYNAMIC_EXECUTION]: The skill uses
context.add_init_script(path=STEALTH_JS_PATH)to execute a local JavaScript file (stealth.min.js) within the browser context to evade bot detection.
Audit Metadata