小红书发布 (Xiaohongshu Publishing)

Review

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a real Xiaohongshu publishing skill, but it can post publicly through your logged-in account and relies on an unreviewed local MCP executable without a built-in final confirmation step.

Install only if you trust the external Xiaohongshu MCP executable and understand that this can publish live posts from your account. Do not run the preset publish_*.js scripts unless you intend to post their exact content, and require a manual preview/approval before any publish action.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent or a user runs the script with content, it may create a live post under the currently logged-in Xiaohongshu account.

Why it was flagged

The script directly invokes the MCP tool that publishes content to Xiaohongshu after checking login; the reviewed code does not include a final user confirmation or dry-run before the public account action.

Skill content

name: 'publish_content', arguments: { title: config.title, content: config.content, images: config.images, tags: config.tags || [] }

Recommendation

Add an explicit preview and confirmation step before every publish_content call, especially for batch, scheduled, or agent-initiated posting.

What this means

Running the wrong helper script could publish content the user did not draft or intend to post from their account.

Why it was flagged

A bundled top-level script immediately calls the publisher with preset promotional content if run. The main SKILL.md focuses on custom/user-provided publishing and does not clearly call out these ready-to-run preset publishing scripts.

Skill content

const config = { title: 'MiniMax + OpenClay 打造AI助手', ... }; ... publish(config).then(result => {

Recommendation

Remove preset publishing scripts, or clearly label them as examples and make them dry-run only unless the user explicitly confirms the exact title, content, images, and tags.

What this means

Users must trust unreviewed local software to handle their Xiaohongshu login/session and posting actions.

Why it was flagged

The core workflow depends on an external executable and a global npm package that are not included, pinned, checksummed, or declared in the install spec/requirements, even though they handle the account-facing publishing flow.

Skill content

File: `xiaohongshu-mcp-windows-amd64.exe` ... How to start: run the exe file ... `npm install -g mcporter`

Recommendation

Provide a pinned, trusted source, version, checksum, OS restriction, and install spec for the MCP server and CLI before using this skill.

What this means

Posts may be made under the user's real Xiaohongshu account, with the same reputational and account-policy consequences as manual posting.

Why it was flagged

The skill is expected to use a logged-in Xiaohongshu account for publishing, but that means it operates with the user's account identity and public posting authority.

Skill content

**Logged-in Xiaohongshu account** - first-time use requires logging in by scanning a QR code

Recommendation

Use a dedicated account if possible, verify which account is logged in, and avoid giving this workflow access to accounts where accidental posting would be costly.

What this means

A wrong or unexpected local service on that port could receive publishing requests or content details.

Why it was flagged

The script sends MCP requests, including post content and image paths, to a local HTTP MCP service. This is purpose-aligned, but the script does not authenticate or verify the local server beyond the localhost port.

Skill content

hostname: 'localhost', port: 18060, path: '/mcp', method: 'POST'

Recommendation

Run only a trusted MCP server on port 18060, stop it when not needed, and consider adding server identity checks or authenticated local access.