rednote-skill

This skill is functionally coherent with its stated purpose: browser-automation for Xiaohongshu interaction using Playwright. The primary risks are operational and misuse-related rather than indictable malware in the provided description. Key concerns: persistent storage of session cookies in rednote_cookies.json (credential exposure risk), the ability to perform authenticated actions (likes, comments, follows, publish) programmatically which can be abused or lead to account suspension, and the potential for arbitrary local file uploads if scripts are pointed at sensitive paths. No direct evidence of network exfiltration to attacker-controlled domains or download-and-execute supply-chain tricks appears in the text. The skill should be treated as medium-high risk in threat models where automation may be triggered without explicit human consent; operators should secure cookie storage, limit automation, and add explicit confirmations and rate-limiting enforcement.