v1.0.0

Xiaohongshu Publishing

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:15 AM.

Analysis

The skill largely matches its stated purpose of posting to Xiaohongshu, but it can publish publicly through a logged-in account and depends on undeclared external MCP/login components.

Guidance: Review this before installing. Use it only with a Xiaohongshu account you intend to automate, verify the external MCP executable and mcporter installation source, and require manual approval before any public post is sent.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/publish.js
name: 'publish_content',
      arguments: {
        title: config.title,
        content: config.content,
        images: config.images,
        tags: config.tags || []
      }

The script directly calls the MCP publish tool with the supplied title, content, images, and tags after checking login; the artifacts do not show a separate user confirmation step before mutating a public social account.

User impact: If invoked with wrong or unintended content, the agent could publish publicly to the user's Xiaohongshu account.
Recommendation: Require explicit user approval immediately before every publish action, especially for batch or scheduled posting.
Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
File: `xiaohongshu-mcp-windows-amd64.exe`
   - Port: 18060
   - Startup: run the exe file

2. **mcporter CLI**
   ```bash
   npm install -g mcporter
   ```

The skill requires an external MCP executable and a global npm package, but the install spec and required binaries are empty and the executable is not included in the reviewed files.

User impact: A user must trust additional unreviewed software that likely handles login and posting authority.
Recommendation: Provide pinned, verifiable sources and checksums for the MCP executable and dependencies, and declare them in the install requirements.
Human-Agent Trust Exploitation
Severity: Low | Confidence: High | Status: Note
publish_minimax.js
title: 'MiniMax + OpenClay 打造AI助手',
...
publish(config).then(result => {

A standalone included script immediately publishes a predefined promotional-style post if executed; this is visible in source but not highlighted in the main skill documentation.

User impact: Running the wrong helper script could post prewritten content that the user did not draft themselves.
Recommendation: Inspect or remove preset publishing scripts unless the user explicitly wants to publish that exact content.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
references/config.md
You must log in before first use:

```bash
node scripts/publish.js --check
```
...
3. Check whether the cookies file exists

The skill depends on a logged-in Xiaohongshu account and cookie/session state, but the registry metadata declares no primary credential, environment variable, or required config path.

User impact: Installing or using the skill effectively gives the workflow authority to act as the logged-in Xiaohongshu user.
Recommendation: Clearly declare the account/session requirement, document where credentials or cookies are stored, and limit use to the intended Xiaohongshu account.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
scripts/publish.js
hostname: 'localhost',
      port: 18060,
      path: '/mcp',
      method: 'POST'

The client sends MCP tool calls and post data to a local HTTP service on port 18060 without identity verification in the included code.

User impact: Post content, image paths, and account actions are routed through whatever trusted MCP service is running on that local port.
Recommendation: Start only a trusted MCP server, verify it is the expected process before publishing, and stop it when not in use.