post-to-xhs

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill matches its Xiaohongshu posting purpose, but it asks users to install unreviewed external tooling, log into a social account, persist cookies locally, and perform public account actions without clear safety boundaries.

Use this only if you trust the external xhs-mcp-py package and are comfortable giving it a logged-in Xiaohongshu session. Pin and verify the package, review every post/comment/like/favorite before execution, avoid sensitive media paths, and run `xhs-mcp logout` when finished.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A logged-in XHS session may remain available to the tool for days or weeks, allowing future actions on the user’s account if invoked.

Why it was flagged

The skill requires account login and stores reusable session cookies locally; this is expected for XHS automation, but it is high-impact account authority and the artifact does not define the storage path, protections, or precise reuse boundaries.

Skill content
All Xiaohongshu features (publish, search, like, comment, etc.) require logging in first. ... After a successful login, the cookies are saved to a local file and reused automatically by later operations (valid for roughly 7-30 days).

Recommendation

Only log in with an account you are comfortable automating, verify where the cookies are stored, and run the documented logout command when finished.
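
A concrete way to act on "verify where the cookies are stored" once the path is known. This is an added example for this review, not code from the post-to-xhs skill or the xhs-mcp-py package; it assumes the store is a JSON list of Playwright-style cookie objects (`name`, `domain`, `expires` in Unix seconds, -1 for session cookies) at a path the caller supplies, since the audited artifact defines neither the path nor the format. It checks file permissions, lists which cookies still grant access, and flags any cookie whose lifetime outlives the 7-30 day window the skill documents. The sample store it writes is constructed.

```python
"""Inspect a persisted cookie store before trusting it with a real account.

Added example for this review; not code from the post-to-xhs skill or
the xhs-mcp-py package. Assumptions (the audited artifact defines none of
them): the store is a JSON list of Playwright-style cookie objects with
"name", "domain" and "expires" (Unix seconds, -1 for session cookies), and
the caller knows the path. The sample store written below is constructed.
"""
import json
import os
import stat
import tempfile
import time

DOCUMENTED_MAX_DAYS = 30  # upper end of the 7-30 day validity the skill describes


def permission_problems(path: str) -> list:
    """Flag a cookie file that other local users can read or replace."""
    mode = os.stat(path).st_mode
    problems = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        problems.append("readable by group/others; chmod 600 the file")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group/others; cookies could be swapped for an attacker's session")
    return problems


def summarize_cookies(path: str, now=None) -> dict:
    """Report which cookies still grant access, for how long, and how the file is protected."""
    now = time.time() if now is None else now
    with open(path, encoding="utf-8") as fh:
        cookies = json.load(fh)
    live, expired, session_only = [], [], []
    longest = 0.0
    for c in cookies:
        exp = c.get("expires", -1)
        if exp is None or exp < 0:
            session_only.append(c["name"])
        elif exp <= now:
            expired.append(c["name"])
        else:
            live.append(c["name"])
            longest = max(longest, (exp - now) / 86400)
    return {
        "live": sorted(live),
        "expired": sorted(expired),
        "session_only": sorted(session_only),
        "days_remaining": round(longest, 1),
        "outlives_documented_window": longest > DOCUMENTED_MAX_DAYS,
        "permission_problems": permission_problems(path),
    }


def write_sample_store(directory: str, now: float) -> str:
    """Write a constructed store: two live cookies, one expired, one session-only."""
    cookies = [
        {"name": "session", "domain": ".xiaohongshu.com", "expires": now + 20 * 86400},
        {"name": "device", "domain": ".xiaohongshu.com", "expires": now + 365 * 86400},
        {"name": "stale", "domain": ".xiaohongshu.com", "expires": now - 3600},
        {"name": "tmp", "domain": ".xiaohongshu.com", "expires": -1},
    ]
    path = os.path.join(directory, "cookies.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(cookies, fh)
    os.chmod(path, 0o644)  # deliberately loose so the permission check fires
    return path


def demo(now: float) -> dict:
    """Create the sample store in a temp dir and summarize it; returns the report."""
    with tempfile.TemporaryDirectory() as d:
        return summarize_cookies(write_sample_store(d, now), now)


if __name__ == "__main__":
    print(json.dumps(demo(time.time()), indent=2))
```

Point the summarizer at the real store once you have located it (after a login, look for files the tool created or modified under your home directory). A cookie that is still live weeks after the last deliberate use is exactly the standing account authority this finding describes; `xhs-mcp logout` and a `chmod 600` on the file are the two cheap mitigations.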

What this means

The agent could create public posts, comments, likes, or favorites that affect the user’s account reputation and visibility.

Why it was flagged

These commands can publish content and interact publicly from the user’s account. The instructions show direct execution flows but do not require an explicit final user confirmation before high-impact account mutations.

Skill content
Command: `xhs-mcp publish` ... Command: `xhs-mcp like` ... Command: `xhs-mcp favorite` ... Command: `xhs-mcp comment`

Recommendation

Before allowing execution, review the exact title, content, media paths, target post IDs, and comment text; require confirmation for every publish or interaction.
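
One way to enforce that confirmation rather than leave it to the agent's judgment. This is an added example for this review, not code from the post-to-xhs skill or xhs-mcp-py: it assumes the agent hands a structured proposal (action name plus the title, content, media paths, target post ID and comment text the recommendation lists) to a gate before it is allowed to shell out. The field names, the single allowed media folder and the literal `yes` prompt are this example's own conventions; xhs-mcp's flag syntax is not reproduced or assumed, and every proposal in `demo()` is constructed.

```python
"""Confirmation gate for account-mutating xhs-mcp actions.

Added example for this review; not code from the post-to-xhs skill or
xhs-mcp-py. It assumes the agent hands the gate a structured proposal (the
action name plus the fields the finding says to review) before it is allowed
to shell out. The field names, the single allowed media folder and the
"yes" prompt are this example's own conventions; xhs-mcp's flag syntax is
not reproduced or assumed. All proposals in demo() are constructed.
"""
import os
import sys
import tempfile
from dataclasses import dataclass, field
from typing import Callable, List

# Subcommands the audited SKILL.md documents; the first set mutates the account.
MUTATING = {"publish", "like", "favorite", "comment"}
READ_ONLY = {"search"}


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)
    summary: str = ""


def media_path_ok(path: str, media_root: str) -> bool:
    """Accept only a regular file that resolves inside media_root (blocks symlink and .. escapes)."""
    root = os.path.realpath(media_root)
    real = os.path.realpath(os.path.expanduser(path))
    return real.startswith(root + os.sep) and os.path.isfile(real)


def render_summary(p: dict) -> str:
    """Everything the user is asked to approve, unabridged."""
    lines = [f"action: {p.get('action')}"]
    for key in ("title", "content", "comment", "target_id"):
        if p.get(key):
            lines.append(f"{key}: {p[key]!r}")
    lines += [f"media: {m}" for m in p.get("media", [])]
    return "\n".join(lines)


def prompt_on_tty(summary: str) -> bool:
    """Default confirmer: refuse outright when no human is attached; otherwise require a literal 'yes'."""
    if not sys.stdin.isatty():
        return False
    print(summary)
    return input("Execute this account action? type yes: ").strip() == "yes"


def review(proposal: dict, media_root: str, confirm: Callable[[str], bool] = prompt_on_tty) -> Decision:
    """Decide whether the proposed xhs-mcp action may run; only then should the CLI be invoked."""
    action = proposal.get("action", "")
    d = Decision(False, [], render_summary(proposal))
    if action in READ_ONLY:
        d.allowed = True
        return d
    if action not in MUTATING:
        d.reasons.append(f"unknown action {action!r}")
        return d
    if action in ("publish", "comment") and not (proposal.get("content") or proposal.get("comment")):
        d.reasons.append("no text: would publish a blank post or comment")
    if action in ("like", "favorite", "comment") and not proposal.get("target_id"):
        d.reasons.append("no target post id")
    for m in proposal.get("media", []):
        if not media_path_ok(m, media_root):
            d.reasons.append(f"media path rejected (outside {media_root} or not a file): {m}")
    if d.reasons:
        return d  # hard policy failures never reach the prompt
    if not confirm(d.summary):
        d.reasons.append("user did not confirm")
        return d
    d.allowed = True
    return d


def demo() -> dict:
    """Run the gate over constructed proposals; returns {case: Decision}."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        cover = os.path.join(root, "cover.jpg")
        with open(cover, "wb") as fh:
            fh.write(b"\xff\xd8\xff")  # constructed JPEG prefix, not a real image
        post = {"action": "publish", "title": "Demo", "content": "hello", "media": [cover]}
        out["approved"] = review(post, root, lambda s: True)
        out["declined"] = review(post, root, lambda s: False)
        key_leak = dict(post, media=[os.path.join(root, "..", ".ssh", "id_ed25519")])
        out["escape"] = review(key_leak, root, lambda s: True)
        out["blank"] = review({"action": "comment", "target_id": "p1"}, root, lambda s: True)
        out["search"] = review({"action": "search", "content": "q"}, root, lambda s: True)
    return out
```

Two design points matter here: the prompt is a hard stop that fails closed when no terminal is attached, so an agent running unattended cannot satisfy it; and media paths are resolved with `realpath` and checked against one dedicated folder, which is what "avoid sensitive media paths" needs to mean in practice, since an upload of `~/.ssh/id_ed25519` as a "photo" is a public post of a private key.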

What this means

Installing or upgrading an unpinned package executes code that was never reviewed together with this skill, and what gets installed can change from one run to the next.

Why it was flagged

The skill relies on installing the latest external package and browser tooling, while the provided artifact set contains no code files or pinned dependency version for review. That package would handle login, cookies, uploads, and account actions.

Skill content
```bash
pip install -U xhs-mcp-py

# Install the Playwright browser (required)
playwright install chromium
```

Recommendation

Verify the package source and maintainer, pin a trusted version, and review the package before using it with a real XHS account.
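
What "pin a trusted version" looks like mechanically, using pip's requirements-file hash pinning. This is an added example for this review, not code from the post-to-xhs skill or xhs-mcp-py; the version `0.0.0` and the wheel file name are placeholders (the audited artifact pins nothing), and the wheel it writes is a constructed file rather than a real package.

```python
"""Hash-pin a downloaded wheel so later installs cannot silently change.

Added example for this review; not from the post-to-xhs skill or xhs-mcp-py.
It shows pip's requirements-file hash-pinning format. The version string and
file names are placeholders (the audited artifact pins nothing) and the sample
wheel is a constructed file, not a real package.
"""
import hashlib
import os
import tempfile


def sha256_of(path: str) -> str:
    """Streaming SHA-256 of a file, as pip computes it for --hash checks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def pin_line(name: str, version: str, artifact_paths: list) -> str:
    """One requirements.txt line with a --hash for each reviewed artifact (wheel and/or sdist)."""
    hashes = " ".join(f"--hash=sha256:{sha256_of(p)}" for p in artifact_paths)
    return f"{name}=={version} {hashes}"


def verify_against_pin(line: str, path: str) -> bool:
    """Re-check a downloaded file against the pinned hashes before pip ever sees it."""
    pinned = {tok.split("sha256:", 1)[1] for tok in line.split() if tok.startswith("--hash=sha256:")}
    return sha256_of(path) in pinned


def demo() -> dict:
    """Pin a constructed wheel, verify it, tamper with it, verify again."""
    with tempfile.TemporaryDirectory() as d:
        wheel = os.path.join(d, "xhs_mcp_py-0.0.0-py3-none-any.whl")  # constructed, not a real wheel
        with open(wheel, "wb") as fh:
            fh.write(b"PK\x03\x04 constructed wheel bytes")
        line = pin_line("xhs-mcp-py", "0.0.0", [wheel])  # 0.0.0 is a placeholder version
        original_ok = verify_against_pin(line, wheel)
        with open(wheel, "ab") as fh:
            fh.write(b"tampered")
        tampered_ok = verify_against_pin(line, wheel)
    return {"line": line, "original_ok": original_ok, "tampered_ok": tampered_ok}


if __name__ == "__main__":
    print(demo())
```

The workflow around it: `pip download xhs-mcp-py==<version> --no-deps -d dist/`, read what was downloaded, produce the line with `pin_line` (or `pip hash dist/*.whl`), commit it to `requirements.txt`, and install with `pip install --require-hashes -r requirements.txt`, which refuses any artifact whose hash is not listed. `--require-hashes` demands a hash for every dependency, so `playwright` and the rest of the tree get pinned the same way. The Chromium build that `playwright install chromium` fetches comes from Playwright's own download servers, not PyPI, and is outside pip's hash checking entirely; treat it as a second unreviewed download.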

What this means

If enabled, other MCP clients in the environment might gain access to the XHS automation interface depending on how the server is configured.

Why it was flagged

The optional MCP mode may expose the same XHS actions through an MCP server, but the artifact does not describe client identity, authorization, or data boundaries. It is optional and user-directed, so this is a notice rather than a standalone concern.

Skill content
## (Optional) MCP mode ... MCP can be started with:

```bash
xhs-mcp serve
```
Recommendation

Only start MCP mode in a trusted local environment and confirm which clients can connect before logging in.