Xiaohongshu MCP Installer

v1.0.0

一键安装并启动小红书 MCP 服务（xiaohongshu-mcp）。当用户说"帮我安装小红书MCP"、"安装 xhs-mcp"、"配置小红书 MCP"、"帮我搞个小红书"、或提供 GitHub 链接 https://github.com/xpzouying/xiaohongshu-mcp 时触发。自动检测系统、...

⭐ 0· 68·0 current·0 all-time

by@alexduming

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alexduming/xhs-mcp-installer.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Xiaohongshu MCP Installer" (alexduming/xhs-mcp-installer) from ClawHub.
Skill page: https://clawhub.ai/alexduming/xhs-mcp-installer
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install xhs-mcp-installer

ClawHub CLI

Package manager switcher

npx clawhub@latest install xhs-mcp-installer

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (install xiaohongshu-mcp) matches the scripted behavior: detect OS/arch, download a release binary from GitHub, install into ~/xiaohongshu-mcp, configure launchd/systemd and a watchdog. However the declared requirements are incomplete (only 'curl' listed) while the provided scripts also use python3, tar, lsof, sudo, systemctl and cron/launchctl — tools a user would need for successful installation but that are not declared.

Instruction Scope

Instructions and scripts perform privileged, system-wide actions: downloading and extracting a binary, killing processes, writing a systemd unit to /etc/systemd/system (via sudo), enabling and starting services, creating launchd plists, adding a crontab entry, and creating a watchdog that restarts the service. These actions are within the stated installer purpose, but the SKILL.md contains inconsistent paths (one systemd example uses /root/xiaohongshu-mcp while the install script uses $HOME), suggesting copy/paste or sloppy documentation that could cause accidental system-wide installs under root. The instructions also assume Python3 and tar are available (used to query GitHub releases and extract archives) but these are not listed as required.

ℹ

Install Mechanism

No platform install spec is used by the skill bundle itself (instruction-only with an included install.sh). The script downloads release artifacts from GitHub releases and raw.githubusercontent.com — a commonly used hosting source. Downloading and executing binaries from GitHub releases is expected for this function but carries moderate risk: the downloaded binary runs on the host and could contain arbitrary code. The download sources are not obscure (GitHub), but the script does not verify checksums or signatures.

✓

Credentials

The skill declares no environment variables or credentials and doesn't attempt to exfiltrate environment variables. That is proportionate to an installer. However it does request system privileges (sudo) at runtime to install systemd service files.

Persistence & Privilege

The installer configures persistent services (launchd/systemd) and a periodic watchdog (crontab for macOS), and the install script uses sudo to write to /etc/systemd/system and enable/start services. This grants long-lived system presence and requires elevated privileges; combined with executing an unverified binary, this increases risk if you don't trust the binary source.

What to consider before installing

What to consider before installing: - The script will download a prebuilt binary from GitHub releases and execute it on your machine. That binary can run arbitrary code; only proceed if you trust the project and its release artifacts. - The provided install.sh assumes tools beyond curl: python3 (used to parse GitHub API), tar (to extract), lsof, systemctl, sudo, and cron/launchctl. If those are missing the installer will fail or behave unexpectedly. - The installer requires privileged actions (sudo) to write a systemd unit and enable/start it. It also creates a persistent launchd plist or crontab entry and a watchdog script. These changes are persistent and survive reboots. - There are small but important inconsistencies: SKILL.md contains a systemd example that uses /root/xiaohongshu-mcp while the included scripts install to $HOME/xiaohongshu-mcp. This suggests copy/paste/documentation drift — double-check paths before running to avoid installing as root unintentionally. - The script does not verify release integrity (no signature or checksum verification). Prefer to: - Inspect the GitHub repository and release artifacts manually first. - Download the release artifact and inspect its contents (and ideally verify checksum/signature) before making it executable. - Run the service in a confined environment (VM, container, or non-privileged user) first to evaluate behavior. - If you must install on a host, edit the install script to remove automatic sudo or systemd writes and perform those steps manually after review. Given these points, the skill appears to implement its stated function but has gaps and elevated privileges that make it risky to run without manual review — treat it as suspicious and verify the binary and repository before proceeding.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📕 Clawdis

Binscurl

automationvk97adbbbhdxb7t673qxrcfm68h84ymprinstallvk97adbbbhdxb7t673qxrcfm68h84ymprlatestvk97adbbbhdxb7t673qxrcfm68h84ymprmcpvk97adbbbhdxb7t673qxrcfm68h84ymprxiaohongshuvk97adbbbhdxb7t673qxrcfm68h84ympr

68downloads

0stars

1versions

Updated 1w ago

v1.0.0

MIT-0

📕 小红书 MCP 一键安装器

自动完成以下工作：

检测系统（macOS / Linux）并选择对应二进制
下载 xhs-mcp 到 ~/xiaohongshu-mcp/
配置为后台服务（macOS: launchd，Linux: systemd）
启动服务并验证健康状态

一、安装前检查

# 检查是否已安装
lsof -i :18060 2>/dev/null | grep LISTEN && echo "✅ 已在运行" || echo "❌ 未运行"

# 检查二进制是否存在
[ -f ~/xiaohongshu-mcp/xhs-mcp ] && echo "✅ 已下载" || echo "❌ 未下载"

二、自动安装流程

2.1 检测系统

OS="$(uname -s)"
ARCH="$(uname -m)"
echo "系统: $OS, 架构: $ARCH"

系统	架构	二进制名
Darwin (macOS)	x86_64	xhs-mcp-darwin-amd64
Darwin (macOS)	arm64	xhs-mcp-darwin-arm64
Linux	x86_64	xhs-mcp-linux-amd64
Linux	aarch64	xhs-mcp-linux-arm64

2.2 下载二进制

mkdir -p ~/xiaohongshu-mcp
cd ~/xiaohongshu-mcp

# 自动识别架构
case "$(uname -s)-$(uname -m)" in
  Darwin-x86_64)  BINARY="xhs-mcp-darwin-amd64" ;;
  Darwin-arm64)    BINARY="xhs-mcp-darwin-arm64" ;;
  Linux-x86_64)   BINARY="xhs-mcp-linux-amd64" ;;
  Linux-aarch64)  BINARY="xhs-mcp-linux-arm64" ;;
  *) echo "❌ 不支持的平台: $(uname -s) $(uname -m)"; exit 1 ;;
esac

echo "下载 $BINARY ..."
curl -L "https://github.com/xpzouying/xiaohongshu-mcp/releases/latest/download/${BINARY}" \
  -o ./xhs-mcp --progress-bar
chmod +x ./xhs-mcp

2.3 启动服务（手动测试）

cd ~/xiaohongshu-mcp

# 杀掉旧进程
lsof -ti :18060 | xargs kill -9 2>/dev/null
sleep 1

# 启动
nohup ./xhs-mcp server --port 18060 > ~/xiaohongshu-mcp/mcp.log 2>&1 &
sleep 3

# 验证
if lsof -i :18060 | grep LISTEN > /dev/null; then
  echo "✅ 服务启动成功，端口 18060 监听中"
else
  echo "❌ 启动失败，查看日志：tail ~/xiaohongshu-mcp/mcp.log"
  tail -20 ~/xiaohongshu-mcp/mcp.log
fi

2.4 配置开机自启

macOS — launchd plist

XHS_PLIST="$HOME/Library/LaunchAgents/com.openclaw.xhs-mcp.plist"
mkdir -p "$HOME/Library/LaunchAgents"

cat > "$XHS_PLIST" << 'EOFPLIST'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.openclaw.xhs-mcp</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/$(whoami)/xiaohongshu-mcp/xhs-mcp</string>
        <string>server</string>
        <string>--port</string>
        <string>18060</string>
    </array>
    <key>WorkingDirectory</key>
    <string>/Users/$(whoami)/xiaohongshu-mcp</string>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
    <key>StandardOutPath</key>
    <string>/Users/$(whoami)/xiaohongshu-mcp/mcp.log</string>
    <key>StandardErrorPath</key>
    <string>/Users/$(whoami)/xiaohongshu-mcp/mcp.log</string>
    <key>EnvironmentVariables</key>
    <dict/>
</dict>
</plist>
EOFPLIST

# 加载服务
launchctl unload "$XHS_PLIST" 2>/dev/null
launchctl load "$XHS_PLIST"
echo "✅ launchd 服务已加载"

Linux — systemd

sudo tee /etc/systemd/system/xhs-mcp.service > /dev/null << 'EOFSYSTEMD'
[Unit]
Description=Xiaohongshu MCP Service
After=network.target

[Service]
WorkingDirectory=/root/xiaohongshu-mcp
ExecStart=/root/xiaohongshu-mcp/xhs-mcp server --port 18060
Restart=always
RestartSec=5
StandardOutput=append:/root/xiaohongshu-mcp/mcp.log
StandardError=append:/root/xiaohongshu-mcp/mcp.log

[Install]
WantedBy=multi-user.target
EOFSYSTEMD

sudo systemctl daemon-reload
sudo systemctl enable xhs-mcp
sudo systemctl start xhs-mcp
echo "✅ systemd 服务已启动"

2.5 创建看门狗脚本（自动恢复崩溃）

cat > ~/xiaohongshu-mcp/watchdog.sh << 'EOFWATCHDOG'
#!/bin/bash
# xhs-mcp 看门狗：服务崩溃后自动重启
PORT=18060
LOG=~/xiaohongshu-mcp/watchdog.log

check() {
    curl -s --max-time 3 http://localhost:$PORT/health > /dev/null 2>&1
}

restart() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') 重启服务..." >> "$LOG"
    lsof -ti :$PORT | xargs kill -9 2>/dev/null
    sleep 2
    cd ~/xiaohongshu-mcp
    nohup ./xhs-mcp server --port $PORT >> ~/xiaohongshu-mcp/mcp.log 2>&1 &
    sleep 3
    if check; then
        echo "$(date '+%Y-%m-%d %H:%M:%S') 重启成功" >> "$LOG"
    fi
}

if ! check; then
    restart
fi
EOFWATCHDOG
chmod +x ~/xiaohongshu-mcp/watchdog.sh

# macOS: 添加定期检查到 crontab
(crontab -l 2>/dev/null | grep -v watchdog; echo "*/5 * * * * ~/xiaohongshu-mcp/watchdog.sh") | crontab -
echo "✅ 看门狗已配置（每5分钟检查一次）"

三、验证安装

3.1 服务健康检查

# 检查进程
ps aux | grep -i xhs-mcp | grep -v grep

# 检查端口
lsof -i :18060 | grep LISTEN

# 检查登录状态（调用 MCP）
MCP_URL="http://localhost:18060/mcp"
SESSION_ID=$(curl -s -D /tmp/xhs_check -X POST "$MCP_URL" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"openclaw","version":"1.0"}},"id":1}' > /dev/null \
  && grep -i 'Mcp-Session-Id' /tmp/xhs_check | tr -d '\r' | awk '{print $2}')
curl -s -X POST "$MCP_URL" -H "Content-Type: application/json" \
  -H "Mcp-Session-Id: $SESSION_ID" \
  -d '{"jsonrpc":"2.0","method":"notifications/initialized","params":{}}' > /dev/null
curl -s -X POST "$MCP_URL" -H "Content-Type: application/json" \
  -H "Mcp-Session-Id: $SESSION_ID" \
  -d '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"check_login_status","arguments":{}},"id":2}'

3.2 判断结果

输出	含义	操作
`✅ 已在运行` + `✅ 已下载`	已安装，跳过	静默完成
服务启动成功 + 登录状态正常	全新安装完成	告知用户
服务启动成功 + `❌ 未登录`	需扫码登录	进入登录流程
❌ 启动失败	下载或权限问题	查看日志排查

四、扫码登录（如需要）

方式一：直接获取二维码（推荐）

MCP_URL="http://localhost:18060/mcp"
SESSION_ID=$(curl -s -D /tmp/xhs_qr_h -X POST "$MCP_URL" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"openclaw","version":"1.0"}},"id":1}' > /dev/null \
  && grep -i 'Mcp-Session-Id' /tmp/xhs_qr_h | tr -d '\r' | awk '{print $2}')
curl -s -X POST "$MCP_URL" -H "Content-Type: application/json" \
  -H "Mcp-Session-Id: $SESSION_ID" \
  -d '{"jsonrpc":"2.0","method":"notifications/initialized","params":{}}' > /dev/null
curl -s -X POST "$MCP_URL" -H "Content-Type: application/json" \
  -H "Mcp-Session-Id: $SESSION_ID" \
  -d '{"jsonrpc":"2.0","method":"tools/call","params":{"name":"get_login_qrcode","arguments":{}},"id":2}' | \
  python3 -c "
import sys,json
d=json.load(sys.stdin)
text=d.get('result',{}).get('content',[{}])[0].get('text','')
# 提取base64图片
import re
m=re.search(r'data:image/png;base64,([A-Za-z0-9+/=]+)', text)
if m:
    open('/tmp/xhs_qr.png','wb').write(__import__('base64').b64decode(m.group(1)))
    print('二维码已保存到 /tmp/xhs_qr.png')
else:
    print(text)
"

方式二：Cookie 导入（无需扫码）

用户提供浏览器 Cookie 字符串后，转换为 JSON 保存：

python3 -c "
import json, sys
cookie_str = sys.argv[1].strip()
cookies = []
for pair in cookie_str.split(';'):
    pair = pair.strip()
    if '=' not in pair: continue
    name, value = pair.split('=', 1)
    cookies.append({
        'name': name.strip(),
        'value': value.strip(),
        'domain': '.xiaohongshu.com',
        'path': '/',
        'expires': -1,
        'httpOnly': name.strip() in ('web_session', 'id_token', 'acw_tc'),
        'secure': name.strip() in ('web_session', 'id_token'),
        'session': False,
        'priority': 'Medium',
        'sameParty': False,
        'sourceScheme': 'Secure',
        'sourcePort': 443
    })
with open('$HOME/xiaohongshu-mcp/cookies.json', 'w') as f:
    json.dump(cookies, f, ensure_ascii=False)
print(f'已保存 {len(cookies)} 个 Cookie')
" '用户粘贴的cookie字符串'

五、故障排查

# 服务状态
ps aux | grep xhs-mcp | grep -v grep
lsof -i :18060

# 查看日志
tail -30 ~/xiaohongshu-mcp/mcp.log

# 重启服务（macOS）
launchctl unload ~/Library/LaunchAgents/com.openclaw.xhs-mcp.plist
launchctl load ~/Library/LaunchAgents/com.openclaw.xhs-mcp.plist

# 重启服务（Linux）
sudo systemctl restart xhs-mcp

# 卸载服务
launchctl unload ~/Library/LaunchAgents/com.openclaw.xhs-mcp.plist 2>/dev/null
sudo systemctl disable xhs-mcp 2>/dev/null

六、安装完成告知模板

安装成功后，告知用户：

✅ 小红书 MCP 安装完成！

🐹 服务已就绪，后台运行中 📍 端口：18060 🔄 开机自启：已配置 🐕 看门狗：每5分钟自动检查

📌 下一步：用小红书APP扫码登录（告诉我就行，我会发二维码给你）

Comments

Loading comments...