xiaohongshu-upload
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the
sauCLI tool to perform account management and content uploads. The provided Python template usessubprocess.runwith argument lists andshlex.quote, which is a secure practice to prevent shell injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The documentation suggests installing dependencies via
uvand downloading browser binaries forpatchright. It recommends using a well-known mirror (npmmirror.com) for Playwright downloads, which is standard practice in certain network environments. - [DATA_EXFILTRATION]: While the skill manages authentication cookies for Xiaohongshu, there is no evidence of these cookies being transmitted to unauthorized external endpoints. The workflow focuses on local storage and user-interactive login via QR codes.
Audit Metadata