xiaohongshu-title
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes a vendor-provided API at 'redfox.hk' to retrieve Xiaohongshu trending data. This domain is consistent with the author's identity ('redfox-data') and is used exclusively for the skill's primary functionality.
- [SAFE]: Sensitive information is handled securely using the 'REDFOX_API_KEY' environment variable. The skill instructions explicitly prohibit hardcoding secrets, aligning with standard security best practices for credential management.
- [SAFE]: The Python script 'scripts/fetch_xhs_trends.py' performs standard HTTP requests to the vendor's API using the trusted 'requests' library. No suspicious network activities or exfiltration of user data to third-party domains were detected.
- [SAFE]: The skill uses a local script to process data and generate suggestions. The logic within 'fetch_xhs_trends.py' is transparent and limited to retrieving and formatting public Xiaohongshu note metadata for analysis.
- [SAFE]: No obfuscation, prompt injection vectors, or unauthorized persistence mechanisms were identified in any of the skill's files.
Audit Metadata