xiaohongshu-tools
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
download_videos_from_manifest_with_ytdlp.mjsusesnode:child_processto executepython3 -m yt_dlp. This is used to download videos as part of the tool's intended functionality for media collection. - [EXTERNAL_DOWNLOADS]: The skill integrates with
yt-dlp, a well-known open-source utility for video downloads. It also communicates with the vendor's cloud infrastructure (PostPlus Cloud) via a hosted collection bridge to perform data retrieval tasks. - [DATA_EXFILTRATION]: While the skill performs network operations and reads local configuration files, these activities are limited to communicating with the author's official APIs and managing session tokens for the tool's execution environment. No evidence of unauthorized data transmission to third parties was found.
- [SAFE]: The skill implements security-positive features, such as SHA256-based execution approval checks for sensitive operations and structured logging of skill events.
Audit Metadata