xiaohongshu
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation prompts users to provide their 'web_session' cookies to enable authenticated operations like following users or liking notes. Managing sensitive session credentials in plain text scripts increases the risk of credential exposure.
- [EXTERNAL_DOWNLOADS]: The skill requires several external Python libraries ('aiohttp', 'loguru', 'pycryptodome', 'getuseragent') and attributes its core functionality to an unverified third-party repository on GitHub ('Cialle/RedCrack').
- [COMMAND_EXECUTION]: Usage examples contain a hardcoded absolute path ('C:\Users\Chocomint\.openclaw\workspace\xiaohongshu\scripts') and use 'sys.path.insert' to dynamically load modules. This pattern exposes the developer's system username ('Chocomint') and creates a rigid dependency on a specific directory structure.
- [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection by ingesting and processing untrusted data (notes and comments) from the XiaoHongShu platform.
  - Ingestion points: Note search results and comment list APIs (e.g., 'apis.note.search_notes', 'apis.comments.get_comments').
  - Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the provided instructions.
  - Capability inventory: The skill performs network requests and data retrieval.
  - Sanitization: No evidence of input validation or content filtering for platform-sourced data is documented.
Audit Metadata