Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

xhs-search

v1.0.1

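XiaoHongShu content search skill. Calls the xiaohongshu-mcp tool over the MCP protocol to search XiaoHongShu notes, user profiles, comments, and more. Supports keyword search, sorting by popularity, and extraction of content details. This skill is triggered when the user says "search XiaoHongShu", "analyze XiaoHongShu", "find XiaoHongShu posts", or "generate a XiaoHongShu report".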

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (XiaoHongShu search) match the provided Python wrapper and MCP usage. However, the referenced external tool (xiaohongshu-mcp) exposes both read and write actions (e.g., publish_content, like_feed). Those write capabilities are not necessary for a read/search skill and widen the capability surface.
Instruction Scope
Instructions require installing a third‑party binary, running a QR login that saves local cookies, and launching a local MCP service — all reasonable for a local client. But SKILL.md lists tools that can modify platform state (publish/like/favorite) and does not explicitly instruct the agent to restrict itself to read-only calls. If the agent is allowed to invoke the skill autonomously, it could call write APIs without further guardrails.
Install Mechanism
The install instructions use a GitHub releases URL (a standard release host) and require extracting an archive and moving binaries into ~/.local/bin. This is expected but still writes and executes third‑party binaries locally; there is no checksum/verification step suggested.
Credentials
The skill does not request environment variables, credentials, or config paths. It does require local installation and a Chrome binary path for QR login — appropriate for the described login flow. No unrelated secrets are requested.
Persistence & Privilege
always is false and there are no requests to modify other skills or global agent config. However, the MCP service stores long‑lived login cookies and exposes write operations; combined with the platform default that agents may call skills autonomously, this increases risk of unintended actions.
What to consider before installing
This skill appears to implement a legitimate local client for searching XiaoHongShu, but it requires you to install a third‑party binary that asks you to log in via QR and stores local cookies. That external tool exposes both read and write APIs (search, get_detail, but also like_feed and publish_content). Before installing:
1) review the xiaohongshu-mcp GitHub repo and its source code or build from source;
2) verify the release artifact (checksums/signatures) rather than blindly running the tarball;
3) consider running the MCP tool in an isolated environment (VM/container) and not with your main account, since cookies can be long‑lived;
4) if you will allow autonomous agent invocation, explicitly restrict the skill to read-only methods or disable autonomous invocation until you can enforce safeguards;
5) be aware that installing and running the provided binary grants it the ability to perform actions on your XiaoHongShu account (likes, posts), so proceed only if you trust the third‑party tool and understand the risk.

Like a lobster shell, security has layers — review code before you run it.
