ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Xiaohongshu (小红书) Automation

Automate Xiaohongshu (RedNote) content operations using a Python client for the xiaohongshu-mcp server. Use for: (1) Publishing image, text, and video content, (2) Searching for notes and trends, (3) Analyzing post details and comments, (4) Managing user profiles and content feeds. Triggers: xiaohongshu automation, rednote content, publish to xiaohongshu, xiaohongshu search, social media management.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
81 · 19k · 168 current installs · 180 all-time installs
by@Borye
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the actual behavior: the SKILL.md and bundled Python client call a local xiaohongshu-mcp server to search, read details, fetch feeds, and publish posts. Requiring the MCP server and a login tool is coherent with a Xiaohongshu automation skill.
Instruction Scope
Instructions are narrowly scoped to downloading the MCP binaries, logging in via QR, running a local server on http://localhost:18060, and using the provided Python client to call that local API. They do not instruct reading unrelated files, environment variables, or sending data to external endpoints beyond GitHub for downloads and localhost for the MCP API. However, the skill requires performing an account login via a third‑party binary that will manage your session tokens (xsec_token/feed IDs are used), which is sensitive — the instructions correctly surface this but you should review the server/binaries and their trustworthiness before use.
Install Mechanism
There is no automated install spec; the README instructs manual download of binaries from GitHub Releases (a standard release host). Manual install lowers automation risk but still requires executing third‑party binaries (granting execute permission). That is an expected mechanism for this skill but carries the usual risks of running unsigned/unreviewed binaries.
Credentials
The skill declares no environment variables, no credentials, and no config paths — which is consistent with a design that relies on a locally running server and on-session tokens obtained via the login tool. There are no unrelated credentials requested.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or make changes to other skills. It only instructs running a local server the user must start; there is no indication it modifies agent configuration or installs persistent agents.
Assessment
This skill is coherent for automating Xiaohongshu via a local MCP server, but it requires you to download and run third‑party binaries that manage your account session. Before installing/using: (1) Verify the GitHub repository and release artifacts are the official project and inspect release signatures or checksums if available; (2) Prefer building the server from source or reviewing source code if possible rather than running prebuilt binaries; (3) Use a throwaway/test Xiaohongshu account (not your primary) while testing — QR logins and session tokens can grant full account access; (4) Run the binaries in an isolated environment/container and monitor network/activity; (5) Review the full scripts/xhs_client.py file (the manifest snippet in the skill was truncated in this package review) to ensure there are no hidden/exfiltration behaviors. If you cannot validate the binaries' provenance, avoid using sensitive accounts with this skill.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk974vsxvbcnqzayc1x45ffyjs180bbr1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Xiaohongshu MCP Skill (with Python Client)

Automate content operations on Xiaohongshu (小红书) using a bundled Python script that interacts with the xpzouying/xiaohongshu-mcp server (8.4k+ stars).

Project: xpzouying/xiaohongshu-mcp

1. Local Server Setup

This skill requires the xiaohongshu-mcp server to be running on your local machine.

Step 1: Download Binaries

Download the appropriate binaries for your system from the GitHub Releases page.

PlatformMCP ServerLogin Tool
macOS (Apple Silicon)xiaohongshu-mcp-darwin-arm64xiaohongshu-login-darwin-arm64
macOS (Intel)xiaohongshu-mcp-darwin-amd64xiaohongshu-login-darwin-amd64
Windowsxiaohongshu-mcp-windows-amd64.exexiaohongshu-login-windows-amd64.exe
Linuxxiaohongshu-mcp-linux-amd64xiaohongshu-login-linux-amd64

Grant execute permission to the downloaded files:

chmod +x xiaohongshu-mcp-darwin-arm64 xiaohongshu-login-darwin-arm64

Step 2: Login (First Time Only)

Run the login tool. It will open a browser window with a QR code. Scan it with your Xiaohongshu mobile app.

./xiaohongshu-login-darwin-arm64

Important: Do not log into the same Xiaohongshu account on any other web browser, as this will invalidate the server's session.

Step 3: Start the MCP Server

Run the MCP server in a separate terminal window. It will run in the background.

# Run in headless mode (recommended)
./xiaohongshu-mcp-darwin-arm64

# Or, run with a visible browser for debugging
./xiaohongshu-mcp-darwin-arm64 -headless=false

The server will be available at http://localhost:18060.

2. Using the Skill

This skill includes a Python client (scripts/xhs_client.py) to interact with the local server. You can use it directly from the shell.

Available Commands

CommandDescriptionExample
statusCheck login statuspython scripts/xhs_client.py status
search <keyword>Search for notespython scripts/xhs_client.py search "咖啡"
detail <id> <token>Get note detailspython scripts/xhs_client.py detail "note_id" "xsec_token"
feedsGet recommended feedpython scripts/xhs_client.py feeds
publish <title> <content> <images>Publish a notepython scripts/xhs_client.py publish "Title" "Content" "url1,url2"

Example Workflow: Market Research

  1. Check Status: First, ensure the server is running and you are logged in.

    python ~/clawd/skills/xiaohongshu-mcp/scripts/xhs_client.py status

  2. Search for a Keyword: Find notes related to your research topic. The output will include the feed_id and xsec_token needed for the next step.

    python ~/clawd/skills/xiaohongshu-mcp/scripts/xhs_client.py search "户外电源"

  3. Get Note Details: Use the feed_id and xsec_token from the search results to get the full content and comments of a specific note.

    python ~/clawd/skills/xiaohongshu-mcp/scripts/xhs_client.py detail "64f1a2b3c4d5e6f7a8b9c0d1" "security_token_here"

  4. Analyze: Review the note's content, comments, and engagement data to gather insights.

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…