xiaohongshu-reply
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses authentication cookies stored at the sensitive file path
~/.openclaw/secrets/xiaohongshu.jsonincheck_comments.py,fetch_latest.py, andreply_fixed.pyto authenticate browser sessions. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing untrusted user-generated comments from the Xiaohongshu platform.
- Ingestion points: User comments are extracted from the page body via
page.text_content('body')incheck_comments.pyandfetch_latest.py. - Boundary markers: No technical boundary markers or specific formatting are used to isolate untrusted data from the agent's instructions.
- Capability inventory: The skill uses Playwright to perform automated browser actions such as clicking, typing, and sending messages, and can write debug information to local files.
- Sanitization: Extracted comment content is processed and displayed without validation or sanitization.
- [COMMAND_EXECUTION]: The skill utilizes Playwright to automate browser interactions and injects an external script (
stealth.min.js) into the browser context to evade bot detection.
Audit Metadata