xiaohongshu-cli

SUSPICIOUS: the skill is broadly aligned with Xiaohongshu account management, and the referenced CLI has reasonably verifiable PyPI/GitHub provenance, so this is not confirmed malware. However, it is high-impact because it relies on browser-cookie harvesting for auth and enables autonomous public/account-changing actions; those capabilities are proportionate to the claimed purpose but still create meaningful security and trust risk.