XiaoHongShu (Little Red Book) data collection and interaction toolkit. Use when working with XiaoHongShu (小红书) platform for: (1) Searching and scraping notes/posts, (2) Getting user profiles and details, (3) Extracting comments and likes, (4) Following users and liking posts, (5) Fetching home feed and trending content. Automatically handles all encryption parameters (cookies, headers) including a1, webId, x-s, x-s-common, x-t, sec_poison_id, websectiga, gid, x-b3-traceid, x-xray-traceid. Suppor
Security Analysis
high confidenceThe skill's code, instructions, and included files are coherent with a XiaoHongShu scraping / interaction toolkit — the files implement the claimed encryption, cookie and header generation, and web APIs; no unrelated credentials or external installers are requested.
The skill's name/description promise (searching, scraping, getting profiles, comments, likes, following, generating a1/webId/x-s/x-s-common/x-t/websectiga/gid, etc.) is implemented by the included Python modules. The included encryption, cookie, and header code matches the description and the API call modules (note/comment/note_detail/like/follow) are present. There are no unrelated cloud credentials, binaries, or install steps requested that would contradict the stated purpose.
SKILL.md stays focused on using the shipped library and shows how to create sessions, search, fetch notes, and interact (like/follow). It asks users to optionally provide a web_session cookie (expected for authenticated actions). Notes: the README/example inserts a Windows-specific absolute sys.path (C:\Users\Chocomint\.openclaw\workspace\xiaohongshu\scripts) in examples — that's a local example path and should be adapted when running in other environments. The SKILL.md and code reference only the skill's own config and files; they do not attempt to read unrelated system paths or request unrelated environment variables.
There is no install spec (instruction-only skill) and the package ships code files inside the skill bundle. The SKILL.md suggests installing a small set of Python dependencies via pip (aiohttp, loguru, pycryptodome, getuseragent) which is proportional to the task. There are no downloads from untrusted URLs or archives in an install step.
The skill requests no environment variables or external credentials in metadata. It does expect — and the code is designed to accept — a web_session cookie (user-provided) for authenticated operations; this is appropriate for a toolkit that can act on a user account. Warning: providing your web_session cookie grants the code the ability to act on your account (follow/like/post-like actions) so treat that credential as sensitive. No unrelated secrets (AWS, GitHub tokens, etc.) are requested.
The skill is not always-included and is user-invocable; model invocation is permitted (normal). The skill does not request system-wide settings or modify other skills. It does ship executable Python code which will run when invoked, but it does not request elevated or persistent platform privileges beyond normal execution.
Guidance
This skill implements reverse-engineered encryption and fingerprint logic so it can call XiaoHongShu web APIs and perform actions (search, fetch notes, get comments, follow, like). Before installing or using it: (1) Only supply your web_session cookie if you trust the code — that cookie allows authenticated actions on your account and could be abused; prefer guest mode if you only need read-only data. (2) Be aware automated likes/follows can violate platform terms and may get an account restricted — use cautiously. (3) The example SKILL.md uses a hard-coded Windows sys.path; adapt paths to your environment and run the code in an isolated Python environment. (4) Review the included code yourself (it is shipped with the skill) if you have concerns about network destinations or hidden behavior — the network endpoints referenced are XiaohongShu domains and the code does not call unknown third-party servers. (5) If you need higher assurance, run the skill in a sandboxed VM/container and do not expose real account cookies until you've audited behavior.
Latest Release
v0.1.0
Initial release of the XiaoHongShu (Little Red Book) data collection and interaction toolkit. - Search and scrape notes/posts by keyword - Fetch user profiles, note details, comments, likes, and trending content - Support for following users and liking posts - Handles all required XiaoHongShu encryption parameters (no browser/JS required) - Allows operation in both guest mode and authenticated mode (via web_session cookie) - Proxy support for bypassing platform restrictions and rate limits - Provides detailed usage instructions, example workflows, and troubleshooting tips
More by @ChocomintX
Published by @ChocomintX on ClawHub
