{"id":"xiangyu-cas-xiaohongshu-ops-skill","name":"xiaohongshu-ops-skill","homepage":null,"repo_url":"https://github.com/Xiangyu-CAS/xiaohongshu-ops-skill","category":"automation","subcategories":[],"tags":["automation","social-media","xiaohongshu","browser-automation","content-analysis","publishing","agent-skill","knowledge-base"],"what_it_does":"A browser-automation “skill” for operating Xiaohongshu (Rednote/XHS) accounts using CDP automation. It supports analyzing a home feed and an account, generating topic ideas, persisting analysis into a local markdown knowledge base, and performing operational tasks like publishing posts, replying to comments, downloading target note content, and “replicating”/reposting based on an existing viral note link. Authentication is described as requiring initial QR-code login with subsequent runs not needing repeated verification.","use_cases":["Home feed recommendation analysis to identify content patterns and hooks","Account/positioning analysis to diagnose which posts perform better","Topic ideation aligned to account persona and platform trends","Knowledge-base persistence of patterns/actions for later review","Automated publication of image/text posts","Automated comment checking and reply","Downloading images/text from a target note URL","Viral-note “replication” workflow: analyze a source note and publish similar content"],"not_for":["Real-time, guaranteed compliance with platform policies (no evidence of policy-safe/permissioned operation)","Use as a general-purpose XHS API for other developers (appears automation-based, not an official API)","High-assurance automation where failures must be strictly controlled and auditable (no evidence of robust structured error reporting/retry/idempotency)"],"best_when":"You want semi-autonomous growth operations for a single (your own) Xiaohongshu account and accept browser-automation risk/instability.","avoid_when":"You need an official/API-based integration, require strong contractual reliability/SLA, or cannot tolerate frequent breakage due to UI/platform changes.","alternatives":["Use Xiaohongshu’s official tools/APIs if available for analytics/publishing","Build a manual workflow using templates for ideation and post publishing","Use other automation/management platforms that provide official integrations or stable APIs"],"af_score":29.0,"security_score":29.5,"reliability_score":20.0,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:24:32.874276+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["QR-code login via browser automation (initial login); subsequent runs described as not requiring repeated verification"],"oauth":false,"scopes":false,"notes":"Auth is described operationally (scan QR once). No details provided on token handling, rotation, or scope limitation."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information in the provided README content. Notes that publishing/cover generation may require a gemini_api_key and mentions it can be “white-usable,” but no formal pricing/tiers described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":29.0,"security_score":29.5,"reliability_score":20.0,"mcp_server_quality":0.0,"documentation_accuracy":35.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":60.0,"rate_limit_clarity":0.0,"tls_enforcement":30.0,"auth_strength":30.0,"scope_granularity":10.0,"dependency_hygiene":40.0,"secret_handling":40.0,"security_notes":"No explicit security architecture is described. The solution uses browser automation for login and likely stores/handles session state; secret handling is not documented. It mentions gemini_api_key usage but provides no secure storage guidance. Because there is no API contract, no scope granularity, and no documented operational safety controls (e.g., least-privilege, audit logs, anti-CSRF/session protections), security posture appears moderate-to-weak based on documentation alone.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":25.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Browser automation (CDP) is sensitive to UI changes; skills may break when XHS updates","Initial QR-code login is required; agent workflows may fail if session expires or verification is triggered again","Publishing/comment-reply operations are side-effecting; without explicit idempotency/retry guidance, agents may duplicate actions on failures/timeouts","Automated “replication” workflows may require careful handling of copyrighted/trademarked content and platform rules (not evidenced as handled)"]}}