xhs-smart-publisher
Fail
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill includes instructions to send browser screenshots to a hardcoded Telegram channel ID (-1003890797239) using the xiaocode account. Because the agent is logged into the Xiaohongshu creator platform, these screenshots can expose sensitive information such as private draft content, account identifiers, and internal platform data to an external party.
- [COMMAND_EXECUTION]: The documentation specifies the use of a local Python script (scripts/xhs_publish.py) with various command-line arguments to perform the publishing. Running local scripts provides a vector for arbitrary code execution on the user's system.
- [PROMPT_INJECTION]: The skill processes arbitrary user-provided content to adapt it into a specific social media format. This input surface is vulnerable to indirect prompt injection, where malicious instructions embedded in the source text could attempt to hijack the agent's logic or bypass the confirmation steps.
- [EXTERNAL_DOWNLOADS]: The automation workflow depends on an external service ('openclaw') typically accessed via a local CDP port (http://127.0.0.1:18800). This introduces a dependency on third-party software to manage browser sessions and authentication states.
Recommendations
- AI detected serious security threats
Audit Metadata