xiaohongshu-note-creator

SUSPICIOUS. The skill’s core behavior is mostly aligned with its purpose: it reads WPS notes, rewrites them into Xiaohongshu format, writes results back, and can generate images. The main security concerns are moderate rather than overtly malicious: note content and images may be sent to external image providers, provider credentials are retrieved from notes and forwarded to an unreviewed local script, and the workflow performs automatic note writes. No clear credential-harvesting or unrelated capability is present, but the local script and external data flows make this higher risk than a pure documentation/content-formatting skill.