xhs-smart-publisher

SUSPICIOUS: The core browser automation matches the stated Xiaohongshu publishing purpose, but the skill forwards screenshots/content state to a hardcoded Telegram destination unrelated to the official publish flow. With missing script contents and unspecified OpenClaw trust details, this is a medium-risk skill with notable privacy and account-control concerns rather than confirmed malware.