Xiaohongshu (小红书) Automation
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for Xiaohongshu automation, but it requires external binaries and a live logged-in account session that can publish posts without documented guardrails.
Install only if you trust the upstream xiaohongshu-mcp project and are comfortable giving a local server access to your Xiaohongshu account. Verify the downloaded binaries, keep the server stopped when not in use, and require explicit review before publishing anything.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or incorrect downloaded binary could run local code and handle the user's Xiaohongshu session.
The skill relies on executing external login/server binaries that are not included in the reviewed artifacts, and it provides no pinned release, checksum, or signature verification.
Download the appropriate binaries for your system from the GitHub Releases page... chmod +x xiaohongshu-mcp-darwin-arm64 xiaohongshu-login-darwin-arm64
Only use binaries from a trusted upstream release, verify hashes/signatures where available, and prefer a pinned version rather than an unspecified latest release.
The local server and client can act as the logged-in account, including reading feeds and publishing content.
The workflow creates and uses an authenticated Xiaohongshu account session. That is expected for the purpose, but it grants account-level authority and the registry metadata declares no primary credential.
Run the login tool. It will open a browser window with a QR code. Scan it with your Xiaohongshu mobile app... this will invalidate the server's session.
Use a dedicated or low-risk account if possible, understand where the session is stored, and log out or stop the server when finished.
If invoked accidentally or from ambiguous instructions, the agent could publish content to the user's Xiaohongshu account.
The bundled client can issue a publish request through the logged-in local server, but the artifacts do not show a confirmation, dry-run, or review step before public posting.
resp = requests.post(
    f"{BASE_URL}/api/v1/publish",
    json=payload,
    timeout=120
)
Require explicit user confirmation with the exact title, text, images, tags, and target account before any publish command is run.
The account automation service may remain available locally after the immediate task is complete.
The skill expects a long-running local service tied to the authenticated session. This is disclosed and purpose-aligned, but it persists beyond a single command until the user stops it.
Run the MCP server in a separate terminal window. It will run in the background... The server will be available at `http://localhost:18060`.
Stop the MCP server when finished and avoid leaving the authenticated service running unnecessarily.
