ClawHub
Back to skill
v1.0.0

Xiaohongshu (小红书) Automation

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:14 AM.

Analysis

Review before installing because this skill can act through a logged-in Xiaohongshu account to publish public content via a local server, with limited approval and scoping safeguards shown.

GuidanceInstall only if you are comfortable giving a local server access to a logged-in Xiaohongshu account. Before publishing, require a manual review of the exact post content and account, verify the downloaded binaries, and stop or log out of the server when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityHighConfidenceHighStatusConcern
scripts/xhs_client.py
resp = requests.post(
            f"{BASE_URL}/api/v1/publish",
            json=payload,
            timeout=120
        )

The client can send a publish request to the local server, but the artifacts do not show a required user confirmation, preview, draft mode, or other guard before public posting.

User impactIf invoked with the wrong content or by an over-eager agent, this could publish unwanted posts to the user's Xiaohongshu account.
RecommendationRequire explicit user approval immediately before every publish action, show the exact title/content/images/account, and prefer a draft or preview workflow where possible.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
Download the appropriate binaries for your system from the [GitHub Releases](https://github.com/xpzouying/xiaohongshu-mcp/releases) page.

Grant execute permission to the downloaded files:
```shell
chmod +x xiaohongshu-mcp-darwin-arm64 xiaohongshu-login-darwin-arm64
```

The setup asks the user to download and execute third-party release binaries; this is central to the skill's purpose, but the artifacts do not pin a version, checksum, or signature.

User impactThe user must trust the downloaded binaries, including the login tool that handles the Xiaohongshu session.
RecommendationDownload only from the intended upstream project, verify release integrity where possible, and prefer pinned versions with published checksums or signatures.
Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
Run the MCP server in a separate terminal window. It will run in the background.

The server will be available at `http://localhost:18060`.

The background server is expected for this integration, but it remains available locally while running and is tied to the user's logged-in session.

User impactIf the server is left running after use, local tools or future agent actions may continue to reach the account-action API.
RecommendationStart the server only when needed, stop it after the task, and log out or clear the session when finished.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Run the login tool. It will open a browser window with a QR code. Scan it with your Xiaohongshu mobile app.

> **Important**: Do not log into the same Xiaohongshu account on any other web browser, as this will invalidate the server's session.

The setup relies on an authenticated Xiaohongshu account session, giving the local server delegated authority over account actions, but the artifacts do not describe session storage, revocation, or least-privilege boundaries.

User impactThe server may act as the logged-in user for searches, feed access, and publishing while the session is valid.
RecommendationUse a dedicated or low-risk account, understand how to log out or revoke the session, and avoid leaving the server logged in when not actively using it.