Xiaohongshu Mcp 1.0.0
v1.0.0Automate Xiaohongshu (RedNote) content operations using a Python client for the xiaohongshu-mcp server. Use for: (1) Publishing image, text, and video conten...
⭐ 1· 208·8 current·9 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the shipped Python client and the SKILL.md: the client talks to a local xiaohongshu-mcp server (http://localhost:18060) to search, inspect, and publish notes. The requested actions and files are proportionate to automating Xiaohongshu tasks.
Instruction Scope
Runtime instructions are limited to downloading the MCP/login binaries (from the referenced GitHub repo), running the login QR flow, starting the local server, and using the included Python script to call localhost endpoints. The instructions do not ask the agent to read unrelated system files, environment variables, or to send data to third-party endpoints.
Install Mechanism
There is no automated install spec in the package (instruction-only). SKILL.md directs the user to GitHub Releases for vendor binaries (a legitimate release host). Users must manually download and grant execute permission — this is expected but requires trusting those binaries and verifying authenticity (checksums/signatures if available).
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The included Python client uses only localhost and does not read environment variables or other secrets.
Persistence & Privilege
The skill is not always-enabled, does not request elevated agent privileges, and contains no code that modifies other skill configurations. Autonomous invocation remains possible (platform default) but is not combined with other concerning permissions.
Assessment
This skill appears internally consistent, but you must trust and verify the xiaohongshu-mcp binaries you download. Before using: (1) confirm the GitHub repository and release checksums/signatures, (2) run the MCP/login binaries in an isolated environment or VM if you are cautious, (3) avoid scanning your primary Xiaohongshu account during testing, and (4) review the upstream server's source (xpzouying/xiaohongshu-mcp) if you need higher assurance. The included Python client only communicates with localhost and does not itself exfiltrate data, but the local MCP server you run will hold your session and can perform actions on your account — treat those binaries as sensitive.Like a lobster shell, security has layers — review code before you run it.
latestvk9745h1n8y7wn221f8jmhy0fk183552b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.