xhs-skill

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

本技能是

xhs-*

的合并版，目标是让用户只需要

clawhub install xhs-skill

一次即可开始使用。

约束：

所有浏览器交互（打开页面/点击/输入/上传/截图/登录/导出）全部委托
```
agent-browser-stealth
```
。
禁止在本仓库编写/维护发布编排脚本（如
```
publish_from_payload
```
）；发布动作必须在会话中由
```
agent-browser-stealth
```
执行。
禁止使用
```
agent-browser
```
（旧通道禁用，统一使用
```
agent-browser-stealth
```
）。
所有敏感数据（cookies、导出文件、截图）只落地在本机
```
data/
```
目录，不要粘贴到聊天里。

执行硬约束（稳定性）：

同一
```
agent-browser-stealth
```
session 禁止并发操作（串行执行），否则容易触发
```
os error 35
```
假失败。
```
snapshot
```
的 ref 会漂移：关键动作前后必须重抓
```
snapshot -i
```
，并用
```
placeholder/role/text
```
做二次定位兜底。
扫码不等于登录成功；必须做后验校验（见下方 A 节“登录成功判定”）。

This skill is a merged version of

xhs-*

, designed to allow users to start using it with just one command:

clawhub install xhs-skill

Constraints:

All browser interactions (open page/click/input/upload/screenshot/login/export) must be delegated to
```
agent-browser-stealth
```
.
It is prohibited to write/maintain publishing orchestration scripts (such as
```
publish_from_payload
```
) in this repository; publishing actions must be executed by
```
agent-browser-stealth
```
within the session.
```
agent-browser
```
is prohibited (old channel disabled, unified use of
```
agent-browser-stealth
```
).
All sensitive data (cookies, exported files, screenshots) can only be stored in the local
```
data/
```
directory, and must not be pasted into chats.

Hard Execution Constraints (Stability):

Concurrent operations are prohibited in the same
```
agent-browser-stealth
```
session (execute serially), otherwise it may easily trigger false failures with
```
os error 35
```
.
The ref of
```
snapshot
```
will drift:
```
snapshot -i
```
must be re-captured before and after key actions, with secondary positioning fallback using
```
placeholder/role/text
```
.
Scanning the QR code does not equal successful login; post-verification must be performed (see Section A "Login Success Criteria" below).

安装

Installation

bash

clawhub install xhs-skill
cd skills/xhs-skill
npm i

说明：

npm i

仅用于本技能自带的本地 CLI（二维码解码、cookies 工具）。如果你不需要解码二维码/转换 cookies，也可以只用

agent-browser-stealth

完成扫码与导出。

bash

clawhub install xhs-skill
cd skills/xhs-skill
npm i

Note:

npm i

is only for the local CLI built into this skill (QR code decoding, cookies tools). If you don't need to decode QR codes/convert cookies, you can also use

agent-browser-stealth

alone to complete scanning and export.

目录约定（本机）

Local Directory Convention

建议在你运行命令的工作目录下准备：

```
data/xhs_login_qr.png
```
：登录页二维码截图（PNG）
```
data/raw_cookies.json
```
：导出的原始 cookies（JSON）
```
data/xhs_cookies.json
```
：归一化后的 cookies（JSON）
```
data/exports/<YYYY-MM-DD>/
```
：导出数据（CSV/XLSX/截图）
```
data/assets/<YYYY-MM-DD>/
```
：发布笔记用的图标/配图素材与来源记录

bash

mkdir -p data

It is recommended to prepare the following in the working directory where you run commands:

```
data/xhs_login_qr.png
```
: Screenshot of the login page QR code (PNG)
```
data/raw_cookies.json
```
: Exported raw cookies (JSON)
```
data/xhs_cookies.json
```
: Normalized cookies (JSON)
```
data/exports/<YYYY-MM-DD>/
```
: Exported data (CSV/XLSX/screenshots)
```
data/assets/<YYYY-MM-DD>/
```
: Icons/visual materials for note publishing and source records

bash

mkdir -p data

A. 登录（扫码）并保存 cookies

A. Login (QR Code) and Save Cookies

目标：登录小红书创作者中心并导出 cookies，避免频繁重复登录。

用
```
agent-browser-stealth
```
打开登录页：

```
https://creator.xiaohongshu.com/login
```
若默认展示「手机号/验证码登录」，点击「扫码」切换到二维码视图

让

agent-browser-stealth

截图保存二维码（PNG）到

data/xhs_login_qr.png

（可选）用本地 CLI 解码二维码文本并打印 ASCII 二维码：

bash

node ./bin/xhs-skill.mjs qr show --in ./data/xhs_login_qr.png

OpenClaw 回传规范（强制）：

禁止只回传文件路径（例如仅说
```
data/xhs_login_qr.png
```
）。
必须先执行
```
node ./bin/xhs-skill.mjs qr show --in ./data/xhs_login_qr.png
```
，然后把输出的二维码文本 + ASCII 二维码直接发给用户。
若会话支持图片渲染，再附上二维码截图绝对路径（或图片附件）作为补充。
发完二维码后必须暂停，等待用户确认“已扫码”再继续 cookies 导出。

推荐回传模板：

text

请用小红书 App 扫这个二维码登录。
二维码文本: <qr_text>
<ASCII QR>

用小红书 App 扫码完成登录后，导出 cookies 到
```
data/raw_cookies.json
```
（不走 DevTools）：

bash

agent-browser-stealth cookies --json > ./data/raw_cookies.json

归一化 cookies 并保存到
```
data/xhs_cookies.json
```
：

bash

node ./bin/xhs-skill.mjs cookies normalize --in ./data/raw_cookies.json --out ./data/xhs_cookies.json
node ./bin/xhs-skill.mjs cookies status --in ./data/xhs_cookies.json

5.1 推荐用脚本做后验校验（可执行门禁）：

bash

undefined

Objective: Log in to Xiaohongshu Creator Center and export cookies to avoid frequent repeated logins.

Use
```
agent-browser-stealth
```
to open the login page:

```
https://creator.xiaohongshu.com/login
```
If the default display is "Phone/Verification Code Login", click "Scan QR Code" to switch to the QR code view

Let
```
agent-browser-stealth
```
take a screenshot of the QR code and save it as
```
data/xhs_login_qr.png
```
(Optional) Use the local CLI to decode the QR code text and print the ASCII QR code:

bash

node ./bin/xhs-skill.mjs qr show --in ./data/xhs_login_qr.png

OpenClaw Return Specification (Mandatory):

It is prohibited to only return the file path (e.g., only
```
data/xhs_login_qr.png
```
).
You must first execute
```
node ./bin/xhs-skill.mjs qr show --in ./data/xhs_login_qr.png
```
, then directly send the output QR code text + ASCII QR code to the user.
If the session supports image rendering, attach the absolute path of the QR code screenshot (or image attachment) as a supplement.
After sending the QR code, you must pause and wait for the user to confirm "Scanned" before proceeding with cookie export.

Recommended Return Template:

text

Please scan this QR code with the Xiaohongshu App to log in.
QR Code Text: <qr_text>
<ASCII QR>

After scanning and logging in with the Xiaohongshu App, export cookies to
```
data/raw_cookies.json
```
(without using DevTools):

bash

agent-browser-stealth cookies --json > ./data/raw_cookies.json

Normalize cookies and save to
```
data/xhs_cookies.json
```
:

bash

node ./bin/xhs-skill.mjs cookies normalize --in ./data/raw_cookies.json --out ./data/xhs_cookies.json
node ./bin/xhs-skill.mjs cookies status --in ./data/xhs_cookies.json

5.1 It is recommended to use a script for post-verification (executable gatekeeper):

bash

undefined

例：先让 agent-browser-stealth 记录当前 URL 与后台探测后的 URL

Example: First let agent-browser-stealth record the current URL and the URL after backend detection

CURRENT_URL="$(agent-browser-stealth get url)" agent-browser-stealth open https://creator.xiaohongshu.com/creator/home PROBE_FINAL_URL="$(agent-browser-stealth get url)"

node ./scripts/verify_login.mjs
--cookies ./data/xhs_cookies.json
--current-url "$CURRENT_URL"
--probe-final-url "$PROBE_FINAL_URL"
--json


登录成功判定（强制）：

- 必须同时满足以下 2 条才可回报“登录完成”（`web_session` 不再作为硬依赖）：
- 当前 URL 已离开 `/login`
- 可访问创作者后台页面，且不会 401/回跳登录
- 加分项：cookies 中存在“session-like cookie”（例如 `web_session`，或 cookie 名含 `session`）。没有也可能可用，但稳定性更差。
- 任一强制条件不满足，必须回报“登录失败/未完成”，并重试登录流程；禁止误报成功。

登录结果输出契约（JSON）：

```json
{
  "task": "xhs_login",
  "ok": true,
  "checks": {
    "left_login": true,
    "backend_not_rejected": true,
    "has_session_like_cookie": true
  },
  "artifacts": {
    "qr_png": "data/xhs_login_qr.png",
    "raw_cookies": "data/raw_cookies.json",
    "normalized_cookies": "data/xhs_cookies.json"
  }
}

失败时

ok=false

，并给出失败项（例如仍在

/login

、或 probe 回跳），禁止输出“已完成”。

（可选）生成
```
Cookie:
```
header：

bash

node ./bin/xhs-skill.mjs cookies to-header --in ./data/xhs_cookies.json

失败回退：

二维码解码失败：通常是没有切到扫码视图或二维码太小，让
```
agent-browser-stealth
```
放大后重新截图（仍为 PNG）。
cookies 归一化失败：保留原始
```
data/raw_cookies.json
```
，后续再扩展兼容分支。

CURRENT_URL="$(agent-browser-stealth get url)" agent-browser-stealth open https://creator.xiaohongshu.com/creator/home PROBE_FINAL_URL="$(agent-browser-stealth get url)"

node ./scripts/verify_login.mjs
--cookies ./data/xhs_cookies.json
--current-url "$CURRENT_URL"
--probe-final-url "$PROBE_FINAL_URL"
--json


Login Success Criteria (Mandatory):

- Both of the following 2 conditions must be met to report "Login Completed" (`web_session` is no longer a hard dependency):
- The current URL has left `/login`
- The creator backend page is accessible, and there is no 401/redirect to login
- Bonus: The cookies contain a "session-like cookie" (e.g., `web_session`, or a cookie name containing `session`). Even without it, it may still work, but stability will be worse.
- If any mandatory condition is not met, you must report "Login Failed/Incomplete" and retry the login process; false success reports are prohibited.

Login Result Output Contract (JSON):

```json
{
  "task": "xhs_login",
  "ok": true,
  "checks": {
    "left_login": true,
    "backend_not_rejected": true,
    "has_session_like_cookie": true
  },
  "artifacts": {
    "qr_png": "data/xhs_login_qr.png",
    "raw_cookies": "data/raw_cookies.json",
    "normalized_cookies": "data/xhs_cookies.json"
  }
}

When failed,

ok=false

, and the failed items are returned (e.g., still in

/login

, or probe redirects); outputting "Completed" is prohibited.

(Optional) Generate
```
Cookie:
```
header:

bash

node ./bin/xhs-skill.mjs cookies to-header --in ./data/xhs_cookies.json

Failure Fallback:

QR code decoding failed: Usually because the QR code view was not switched to or the QR code is too small; let
```
agent-browser-stealth
```
zoom in and re-screenshot (still as PNG).
Cookie normalization failed: Keep the original
```
data/raw_cookies.json
```
, and expand the compatibility branch later.

A1. 防封/限流运行规范（强制）

A1. Anti-blocking/Throttling Operation Specifications (Mandatory)

核心结论：小红书风控主要看“节奏 + 指纹 + 行为 + IP + 账号权重”。工具本身不是主因，使用方式才是主因。

强制策略：

真人节奏：

禁止连续无停顿点击/填写；关键动作之间必须随机停顿（建议
```
1.2s~7s
```
）。
输入优先
```
type --delay
```
（逐字），避免全量瞬时
```
fill
```
。

固定指纹：

运行发布流程时优先固定
```
--profile
```
，并启用
```
--headed
```
。
推荐同一账号长期复用同一个 profile 目录，不要每次新建临时环境。

发布频率门禁：

同一 profile 默认
```
24h <= 3
```
篇。
两次发布最小间隔默认
```
30
```
分钟。
命中门禁必须中止，不允许强发。

发布前预热行为：

先做一次短时正常浏览（首页/创作者后台停留 + 滚动），再进入发布页。
禁止“打开页面后立刻提交”。

网络与设备：

禁止机房 IP / 高频切换代理。
优先家庭网络或手机热点；同账号尽量保持设备/IP 稳定。

被限流后的处理：

限流：停自动化，回归手动正常使用
```
3~7
```
天。
封号：仅能申诉；换号时要同时更换
```
profile + IP + 设备环境
```
。

Core Conclusion: Xiaohongshu's risk control mainly focuses on "rhythm + fingerprint + behavior + IP + account weight". The tool itself is not the main cause; the usage method is.

Mandatory Strategies:

Human-like Rhythm:

Continuous clicks/fills without pauses are prohibited; random pauses (recommended
```
1.2s~7s
```
) must be added between key actions.
For input, prioritize
```
type --delay
```
(character by character) to avoid full instant
```
fill
```
.

Fixed Fingerprint:

When running the publishing process, prioritize fixing
```
--profile
```
and enabling
```
--headed
```
.
It is recommended to reuse the same profile directory for the same account for a long time; do not create a temporary environment every time.

Publishing Frequency Gatekeeper:

Default
```
24h <= 3
```
posts for the same profile.
Default minimum interval between two posts is
```
30
```
minutes.
If the gatekeeper is triggered, the process must be aborted; forced publishing is not allowed.

Pre-publishing Warm-up Behavior:

First perform a short normal browse (stay on homepage/creator backend + scroll), then enter the publishing page.
"Submit immediately after opening the page" is prohibited.

Network and Device:

Data center IPs/frequent proxy switching are prohibited.
Prioritize home network or mobile hotspot; try to keep the device/IP stable for the same account.

Handling After Throttling:

Throttling: Stop automation, return to manual normal use for
```
3~7
```
days.
Account banned: Only appeal is available; when switching accounts, you must also replace
```
profile + IP + device environment
```
.

B. 发布笔记（图文/视频）

B. Publish Notes (Image/Video)

输入（用户提供）：

笔记类型：图文或视频
标题、正文、标签（必填）
话题（必填；做热点发布时必须是“今天热点”）
图片/视频路径（本机绝对路径优先）
图标/配图需求（可选）：关键词、风格（扁平/拟物/线性）、主色、是否透明背景
热点来源（必填）：来源名、来源 URL、来源日期（
```
YYYY-MM-DD
```
）

发布硬门禁（强制）：

先把发布素材整理为
```
data/publish_payload.json
```
（示例）：

json

{
  "topic": "今日热点：xxxx",
  "source": {
    "name": "央视新闻",
    "url": "https://example.com/news",
    "date": "2026-02-12",
    "evidence_snippet": "2月12日该媒体报道提到：......",
    "key_facts": ["关键事实1（含日期/数字）", "关键事实2（含日期/数字）"]
  },
  "post": {
    "title": "20字内标题示例",
    "body": "不少于 80 字的正文......",
    "tags": ["#热点", "#今日新闻", "#小红书运营"],
    "real_topics": ["#人工智能", "#AI资讯", "#科技观察"],
    "media": ["/abs/path/cover.png", "/abs/path/card_1.png"]
  }
}

发布前必须执行校验脚本：

bash

undefined

Input (Provided by User):

Note type: Image/Video
Title, body, tags (required)
Topic (required; must be "Today's Hot Topic" for hot topic publishing)
Image/video path (absolute local path preferred)
Icon/visual material requirements (optional): Keywords, style (flat/skeuomorphic/linear), main color, transparent background or not
Hot topic source (required): Source name, source URL, source date (
```
YYYY-MM-DD
```
)

Publishing Hard Gatekeepers (Mandatory):

First organize the publishing materials into
```
data/publish_payload.json
```
(example):

json

{
  "topic": "Today's Hot Topic: xxxx",
  "source": {
    "name": "CCTV News",
    "url": "https://example.com/news",
    "date": "2026-02-12",
    "evidence_snippet": "On February 12, this media report mentioned:......",
    "key_facts": ["Key Fact 1 (including numbers/dates/source mentions)", "Key Fact 2 (including numbers/dates/source mentions)"]
  },
  "post": {
    "title": "Example title within 20 characters",
    "body": "Body with no less than 80 words......",
    "tags": ["#HotTopic", "#TodayNews", "#XiaohongshuOperation"],
    "real_topics": ["#ArtificialIntelligence", "#AII资讯", "#TechnologyObservation"],
    "media": ["/abs/path/cover.png", "/abs/path/card_1.png"]
  }
}

Must execute the verification script before publishing:

bash

undefined

普通模式

Normal mode

node ./scripts/verify_publish_payload.mjs --in ./data/publish_payload.json --policy ./config/verify_publish_policy.json --tag-registry ./data/tag_registry.json --min-registry-tags 12 --require-source-evidence on --strict-anti-ai on --json

今天热点模式（强制 source.date = 今天）

Today's Hot Topic mode (mandatory source.date = today)


3. 发布前必须执行内容审核脚本（分层规则 + AI）：

```bash
node ./scripts/review_publish_payload.mjs --in ./data/publish_payload.json --policy ./config/review_policy.json --taxonomy ./config/review_taxonomy.json --ai-provider auto --require-ai off --mode hot --json

只有当校验和审核结果都
```
ok=true
```
才允许进入发布页点击“发布/提交”。校验策略在
```
./config/verify_publish_policy.json
```
，审核策略在
```
./config/review_policy.json
```
，分层风险路径在
```
./config/review_taxonomy.json
```
。
任一门禁失败必须中止流程并提示补齐，禁止“只传截图直接发”。

禁止链接（强制）：

标题/正文/标签里禁止出现任何链接或域名形态（
```
http/https
```
、
```
www.
```
、
```
xxx.com/.cn/...
```
）。否则有封禁风险。
如果内容生成遇到困难或校验不通过：宁可中止，不要“随便发一条”。

反 AI 识别与真实标签（强制）：

不承诺“100% 不被识别为 AI”；目标是显著降低风险。
正文必须有“个人视角 + 具体事实信号（数字/日期/来源提及）”，并规避模板腔。
发布前必须通过
```
review_publish_payload
```
审核门禁，要求
```
decision=pass
```
，并输出
```
risk_path
```
、证据和
```
review_queue
```
供复核。
```
source.evidence_snippet
```
与
```
source.key_facts
```
必填，且能回溯到来源事实。
标签与
```
post.real_topics
```
都必须来自真实话题池
```
data/tag_registry.json
```
，禁止自造标签。
禁止自动把
```
#标签
```
拼进正文冒充话题。
发布前必须在小红书发布页手动选择至少 3 个真实话题，然后由
```
agent-browser-stealth
```
执行最终点击发布。

示例：准备真实标签池（建议每天更新）：

bash

cat > ./data/tag_registry.json <<'JSON'
{
  "updated_at": "2026-02-24",
  "source": {
    "platform": "xiaohongshu",
    "method": "manual_from_publish_topic_picker",
    "url": "https://creator.xiaohongshu.com/creator/publish"
  },
  "tags": ["#AI热点", "#人工智能", "#行业观察", "#科技新闻", "#AI资讯", "#科技观察"]
}
JSON

发布执行方式（唯一）：

本仓库只负责“数据准备 + 门禁校验 + 审核校验”；不再提供发布自动化脚本。
浏览器动作必须由
```
agent-browser-stealth
```
串行执行：打开发布页 -> 上传素材 -> 填写标题/正文/标签 -> 手动选择真实话题 -> 人工确认预览 -> 点击发布。
若任一门禁失败（
```
verify/review
```
非
```
ok=true
```
），必须停止在“发布前”，禁止继续点击提交。

发布可靠性 Checklist（照这个执行，避免“看似发了其实没发/字段没落库”）：

正文换行：写入编辑器前把
```
\\n
```
规范化为真实换行（
```
text.replaceAll("\\\\n", "\n")
```
），填完立刻读回校验正文
```
innerText
```
不包含字面量
```
\\n
```
。
标题/正文/标签写入后都要读回校验：标题是否存在且
```
<= 20
```
；正文是否非空且长度达标；标签是否至少 3 个且都以
```
#
```
开头、并来自
```
tag_registry
```
。
读回门禁里把
```
post.real_topics
```
一并校验（>=3，且都命中
```
tag_registry
```
），避免“假话题”。
正文编辑区可能不是普通 input/textarea；必须先
```
snapshot -i
```
确认可编辑区域，再写入并读回校验。
发布按钮：页面可能有多个“发布”入口，必须点击“可见 + enabled + 文案严格匹配”的主按钮；点击后用 URL/页面状态确认已跳转到成功/管理页。
图片重传：若需要替换，先点“清空”并在弹窗选择“重新上传”；上传后等待缩略图数量稳定再继续。
图片尺寸：截图类
```
1280x720
```
会让预览很差；发布前用门禁校验图片为竖版 3:4（推荐
```
1242x1660
```
）。
串行：同一
```
agent-browser-stealth
```
session 严格串行，必要时
```
sleep/wait
```
，避免
```
os error 35
```
假失败。

发布成功闭环（强制）：

发布/更新后回到「笔记管理」列表页，确认缩略图/标题已变化。
重新打开该笔记的编辑页，读回校验：
```
title/body/imgCount/tags
```
都存在且符合门禁（否则判失败重试）。

素材准备（可选，省去用户自己找图标/配图）：

用户只给“需求描述”，例如：

“一个红色爱心线性 icon，透明背景”
“适合美妆笔记的浅色系贴纸风小图标”

用
```
agent-browser-stealth
```
搜索并挑选 3-5 个候选（优先免版权/可复用来源）。 2.1 配图“内容一致性”门禁（强烈建议）：

截图入库前，先用
```
agent-browser-stealth get title
```
/读
```
h1
```
检查页面内容确实包含目标关键词（否则可能是误点/错页）。
需要更强一致性时再上 OCR（可选），但默认先做
```
title/h1
```
的低成本校验。

用
```
agent-browser-stealth
```
直接截图保存到：

data/assets/<YYYY-MM-DD>/icons/<name>.png

把来源 URL 追加到：
```
data/assets/<YYYY-MM-DD>/sources.txt
```

进入发布页后按常规上传媒体，并在点击“发布/提交”前设置人工确认点（预览无误再发）。

流程（浏览器侧全部由

agent-browser-stealth

完成）：

确保已登录（先完成上面的 A，或已有有效登录态）。
准备并校验
```
data/publish_payload.json
```
（必须
```
ok=true
```
）。
打开发布页面（允许路径变化）。
上传媒体（图文多图/视频文件与封面）。
填写标题/正文/话题/标签：

标题必须
```
8~20
```
字（超过 20 字先裁剪或提示用户改短）
正文必须
```
>= 80
```
字
标签至少 3 个，且都以
```
#
```
开头
```
post.real_topics
```
至少 3 个，且与标签都必须命中
```
data/tag_registry.json
```
（真实话题池）
禁止“仅截图素材”直接发布（如只含
```
screenshot/login_qr
```
等截图文件）
正文编辑区不要按普通 input 假设，先
```
snapshot -i
```
再定位可编辑区
每次点击/填写前先刷新 ref，避免 ref 漂移误操作

点击“发布/提交”前暂停，要求用户确认最终预览。 6.1 发布前手动选择至少 3 个真实话题，再由
```
agent-browser-stealth
```
点击提交。
发布后记录结果页 URL；失败时截图并记录错误文案。

发布结果输出契约（JSON）：

json

{
  "task": "xhs_publish",
  "ok": true,
  "result_url": "https://creator.xiaohongshu.com/....",
  "content_checks": {
    "title_len": 18,
    "body_len": 136,
    "tag_count": 3,
    "topic": "今日热点：xxxx",
    "source_date": "2026-02-12"
  },
  "artifacts": {
    "payload_json": "data/publish_payload.json",
    "media_inputs": ["..."],
    "error_screenshot": null
  }
}

发布失败时

ok=false

，并返回

error_message

、

error_screenshot

路径和未通过的

missing_checks

。


3. Must execute the content review script (layered rules + AI) before publishing:

```bash
node ./scripts/review_publish_payload.mjs --in ./data/publish_payload.json --policy ./config/review_policy.json --taxonomy ./config/review_taxonomy.json --ai-provider auto --require-ai off --mode hot --json

Only when both verification and review results are
```
ok=true
```
can you enter the publishing page and click "Publish/Submit". The verification policy is in
```
./config/verify_publish_policy.json
```
, the review policy is in
```
./config/review_policy.json
```
, and the layered risk path is in
```
./config/review_taxonomy.json
```
.
If any gatekeeper fails, the process must be aborted and prompt the user to supplement; "Direct publishing with only screenshots" is prohibited.

Prohibited Links (Mandatory):

Any links or domain name forms (
```
http/https
```
,
```
www.
```
,
```
xxx.com/.cn/...
```
) are prohibited in titles/bodies/tags. Otherwise, there is a risk of account banning.
If content generation encounters difficulties or verification fails: It is better to abort than to "publish a random note".

Anti-AI Detection and Real Tags (Mandatory):

We do not guarantee "100% not detected as AI"; the goal is to significantly reduce the risk.
The body must have "personal perspective + specific fact signals (numbers/dates/source mentions)", and avoid template-style language.
Before publishing, you must pass the
```
review_publish_payload
```
review gatekeeper, requiring
```
decision=pass
```
, and output
```
risk_path
```
, evidence, and
```
review_queue
```
for recheck.
```
source.evidence_snippet
```
and
```
source.key_facts
```
are required, and must be traceable to source facts.
Both tags and
```
post.real_topics
```
must come from the real topic pool
```
data/tag_registry.json
```
; self-created tags are prohibited.
Automatically appending
```
#tags
```
to the body to pretend to be topics is prohibited.
Before publishing, you must manually select at least 3 real topics on the Xiaohongshu publishing page, then let
```
agent-browser-stealth
```
execute the final click to publish.

Example: Prepare a real tag pool (recommended to update daily):

bash

cat > ./data/tag_registry.json <<'JSON'
{
  "updated_at": "2026-02-24",
  "source": {
    "platform": "xiaohongshu",
    "method": "manual_from_publish_topic_picker",
    "url": "https://creator.xiaohongshu.com/creator/publish"
  },
  "tags": ["#AIHotTopic", "#ArtificialIntelligence", "#IndustryObservation", "#TechnologyNews", "#AII资讯", "#TechnologyObservation"]
}
JSON

Publishing Execution Method (Only One):

This repository is only responsible for "data preparation + gatekeeper verification + review verification"; no publishing automation scripts are provided.
Browser actions must be executed serially by
```
agent-browser-stealth
```
: Open publishing page -> Upload materials -> Fill in title/body/tags -> Manually select real topics -> Manual confirmation of preview -> Click publish.
If any gatekeeper fails (
```
verify/review
```
is not
```
ok=true
```
), the process must be stopped before publishing; continuing to click submit is prohibited.

Publishing Reliability Checklist (Follow this to avoid "Seems published but actually not/fields not saved"):

Body line breaks: Normalize
```
\\n
```
to real line breaks (
```
text.replaceAll("\\\\n", "\n")
```
) before writing to the editor; immediately read back and verify that the body
```
innerText
```
does not contain the literal
```
\\n
```
.
After writing the title/body/tags, read back and verify: Title exists and
```
<= 20
```
characters; body is non-empty and meets length requirements; at least 3 tags, all starting with
```
#
```
, and from
```
tag_registry
```
.
In the read-back gatekeeper, also verify
```
post.real_topics
```
(>=3, and all hit
```
tag_registry
```
) to avoid "fake topics".
Body editing area: It may not be a normal input/textarea; first use
```
snapshot -i
```
to confirm the editable area, then write and read back for verification.
Publish button: There may be multiple "Publish" entries on the page; you must click the main button that is "visible + enabled + strictly matches the text"; after clicking, use URL/page status to confirm that it has redirected to the success/management page.
Image re-upload: If replacement is needed, first click "Clear" and select "Re-upload" in the pop-up; wait for the number of thumbnails to stabilize before proceeding.
Image size: Screenshots of
```
1280x720
```
will result in poor preview; use the gatekeeper to verify that images are vertical 3:4 (recommended
```
1242x1660
```
) before publishing.
Serial execution: Strictly serial in the same
```
agent-browser-stealth
```
session; use
```
sleep/wait
```
if necessary to avoid false failures with
```
os error 35
```
.

Publishing Success Closure (Mandatory):

After publishing/updating, return to the "Note Management" list page and confirm that the thumbnail/title has changed.
Re-open the edit page of the note, read back and verify:
```
title/body/imgCount/tags
```
all exist and meet the gatekeeper requirements (otherwise judge as failed and retry).

Material Preparation (Optional, saves users from finding icons/visuals themselves):

The user only provides "requirement description", for example:

"A red heart linear icon with transparent background"
"Light-colored sticker-style small icons suitable for beauty notes"

Use
```
agent-browser-stealth
```
to search and select 3-5 candidates (prioritize royalty-free/reusable sources). 2.1 Visual Material "Content Consistency" Gatekeeper (Highly Recommended):

Before saving the screenshot to the library, first use
```
agent-browser-stealth get title
```
/read
```
h1
```
to check that the page content indeed contains the target keywords (otherwise it may be a wrong click/wrong page).
For stronger consistency, use OCR (optional), but by default, first perform low-cost verification with
```
title/h1
```
.

Use
```
agent-browser-stealth
```
to directly take screenshots and save to:

data/assets/<YYYY-MM-DD>/icons/<name>.png

Append the source URL to:
```
data/assets/<YYYY-MM-DD>/sources.txt
```

Enter the publishing page, upload media as usual, and set a manual confirmation point before clicking "Publish/Submit" (confirm preview is correct before publishing).

Process (All browser-side operations are completed by

agent-browser-stealth

Ensure logged in (complete Section A above, or have a valid login state).
Prepare and verify
```
data/publish_payload.json
```
(must be
```
ok=true
```
).
Open the publishing page (path changes are allowed).
Upload media (multiple images for image-text notes/video files and cover).
Fill in title/body/topics/tags:

Title must be
```
8~20
```
characters (if exceeding 20 characters, first crop or prompt the user to shorten it)
Body must be
```
>= 80
```
words
At least 3 tags, all starting with
```
#
```
```
post.real_topics
```
must be at least 3, and both tags and real topics must hit
```
data/tag_registry.json
```
(real topic pool)
"Direct publishing with only screenshot materials" (such as only containing
```
screenshot/login_qr
```
and other screenshot files) is prohibited
Do not assume the body editing area is a normal input; first use
```
snapshot -i
```
to locate the editable area
Refresh the ref before each click/fill to avoid ref drift and misoperation

Pause before clicking "Publish/Submit", and require the user to confirm the final preview. 6.1 Manually select at least 3 real topics before publishing, then let
```
agent-browser-stealth
```
click submit.
After publishing, record the result page URL; if failed, take a screenshot and record the error message.

Publishing Result Output Contract (JSON):

json

{
  "task": "xhs_publish",
  "ok": true,
  "result_url": "https://creator.xiaohongshu.com/....",
  "content_checks": {
    "title_len": 18,
    "body_len": 136,
    "tag_count": 3,
    "topic": "Today's Hot Topic: xxxx",
    "source_date": "2026-02-12"
  },
  "artifacts": {
    "payload_json": "data/publish_payload.json",
    "media_inputs": ["..."],
    "error_screenshot": null
  }
}

When publishing fails,

ok=false

, and return

error_message

error_screenshot

path, and unpassed

missing_checks

C. 导出创作者中心数据（CSV/XLSX 或截图）

C. Export Creator Center Data (CSV/XLSX or Screenshots)

目标：把创作者中心关键数据导出到

data/exports/<YYYY-MM-DD>/

，用于后续分析。

确认已登录。
用
```
agent-browser-stealth
```
进入创作者中心的常用分析页（仪表盘/内容分析/粉丝分析）。
每个页面：

优先使用页面自带导出（如有）到
```
data/exports/<date>/
```
无导出时：保存关键区块截图到同目录

记录：导出时间范围、口径说明、页面 URL。

Objective: Export key data from the Creator Center to

data/exports/<YYYY-MM-DD>/

for subsequent analysis.

Confirm logged in.
Use
```
agent-browser-stealth
```
to enter the commonly used analysis pages of the Creator Center (dashboard/content analysis/fan analysis).
For each page:

Prioritize using the page's built-in export (if available) to
```
data/exports/<date>/
```
If no export is available: Save screenshots of key blocks to the same directory

Record: Export time range, caliber description, page URL.

本地 CLI（本技能自带）

Local CLI (Built into This Skill)

命令：

node ./bin/xhs-skill.mjs qr show --in <pngPath>

node ./bin/xhs-skill.mjs cookies normalize --in <jsonPath> --out <outPath>

node ./bin/xhs-skill.mjs cookies status --in <cookiesJsonPath>

node ./bin/xhs-skill.mjs cookies to-header --in <cookiesJsonPath>

node ./scripts/verify_publish_payload.mjs --in <payloadJsonPath> --policy ./config/verify_publish_policy.json --tag-registry ./data/tag_registry.json --min-registry-tags 12 --require-source-evidence on --strict-anti-ai on [--mode hot]

node ./scripts/review_publish_payload.mjs --in <payloadJsonPath> --policy ./config/review_policy.json --taxonomy ./config/review_taxonomy.json --ai-provider auto --require-ai off [--mode hot]

Commands:

node ./bin/xhs-skill.mjs qr show --in <pngPath>

node ./bin/xhs-skill.mjs cookies normalize --in <jsonPath> --out <outPath>

node ./bin/xhs-skill.mjs cookies status --in <cookiesJsonPath>

node ./bin/xhs-skill.mjs cookies to-header --in <cookiesJsonPath>

node ./scripts/verify_publish_payload.mjs --in <payloadJsonPath> --policy ./config/verify_publish_policy.json --tag-registry ./data/tag_registry.json --min-registry-tags 12 --require-source-evidence on --strict-anti-ai on [--mode hot]

node ./scripts/review_publish_payload.mjs --in <payloadJsonPath> --policy ./config/review_policy.json --taxonomy ./config/review_taxonomy.json --ai-provider auto --require-ai off [--mode hot]

D. 轻量发版流程（维护者）

D. Lightweight Release Process (Maintainers)

先跑本地门禁：

```
npm run check:constraints
```
```
npm test
```

查看改动只包含预期文件：
```
git status --short
```
用中文 Conventional Commit 提交（示例）：

docs(skill): 补充发版前快速自检清单

发布到 ClawHub（patch）：

clawhub sync --all --bump patch --changelog "docs: 补充发版前快速自检清单"

First run local gatekeepers:

```
npm run check:constraints
```
```
npm test
```

Check that changes only include expected files:
```
git status --short
```
Commit with Chinese Conventional Commit (example):

docs(skill): 补充发版前快速自检清单

Publish to ClawHub (patch):

clawhub sync --all --bump patch --changelog "docs: 补充发版前快速自检清单"