xiaohongshu-mcp-openclaw
Security checks across malware telemetry and agentic risk
Overview
This skill does what it says, but review it before use because it logs into your Xiaohongshu account and may leave a network-accessible local service running.
Use this only on a trusted machine and network. Before scanning the login QR code, pin or review the upstream xiaohongshu-mcp version, make sure the MCP server is bound to 127.0.0.1 or firewalled, and avoid installing the keepalive service unless you really need it.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
On a shared or networked machine, another process or device that can reach the port might be able to interact with the MCP server using the logged-in Xiaohongshu session.
The script prints and checks a localhost endpoint, but it starts the MCP server with -port ":$PORT", a listen address with no host part, which commonly binds all interfaces; the launch command shows no authentication or host restriction.
HOST="${XHS_MCP_HOST:-127.0.0.1}" ... nohup "$MCP_BIN" -headless="$HEADLESS" -port ":$PORT" ... echo "[INFO] MCP endpoint: http://$HOST:$PORT/mcp"
Bind the server explicitly to 127.0.0.1 if supported, firewall the port, avoid installing the keepalive service on shared networks, and add authentication if remote access is needed.
A future upstream change could alter the MCP server that handles logged-in Xiaohongshu requests.
The setup helper installs the upstream xiaohongshu-mcp binary at whatever version is currently tagged latest, with no pinned version or checksum.
VERSION="${XHS_MCP_VERSION:-latest}" ... go install "${target}@${VERSION}"
Pin XHS_MCP_VERSION to a reviewed release and install only from the intended upstream source.
The skill will act with the Xiaohongshu account that scans the QR code and can access account-visible content.
The skill uses a QR login flow and reuses the resulting account session, with QR material saved locally for display.
Login state is usually reusable ... save the QR code locally (default `~/.openclaw/workspace/xhs-login-qrcode.png`)
Only scan the QR code if you trust the skill and upstream MCP server; keep the QR file private and revoke/logout the session when no longer needed.
The MCP server can keep running after the immediate task, continuing to hold local state and account session access.
The optional service installer creates a persistent user-level service that restarts the MCP server automatically.
<key>RunAtLoad</key> ... <key>KeepAlive</key> ... ExecStart=${MCP_BIN} -headless=${HEADLESS} -port :${PORT} ... Restart=always
Install the service only if you need always-on behavior; use service_status.sh and service_uninstall.sh to monitor or remove it.
If someone passes malicious custom arguments or environment values, the shell could execute unintended commands.
The service-management helper uses eval on constructed shell commands; defaults are fixed, but untrusted service names or environment values would be unsafe.
SERVICE_NAME="${1:-xiaohongshu-mcp}" ... run_cmd() { ... eval "$@"; }
Do not pass untrusted service names or env overrides; maintainers should replace eval with direct command arrays.
