xiaohongshu-auto-posting

Warn

Audited by Socket on Jun 13, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: the skill is broadly coherent with its stated Xiaohongshu automation purpose and routes actions to the official platform, but it carries medium risk because it installs and trusts an external browser automation CLI, uses a logged-in stealth browser session, processes untrusted platform content, and can take real-world posting/reply actions. This looks more like a high-impact automation skill than malware, but it requires substantial execution trust.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 04:40 AM
Package URL
pkg:socket/skills-sh/browser-act%2Fskills%2Fxiaohongshu-auto-posting%2F@b3939e7e622c5019cfe53197f2655c49b2bcb7050d09bd7d23dfc20233a65100
Security Audit — socket — xiaohongshu-auto-posting