小红书
v1.0.5小红书自动化运营工具-支持:搜索笔记、查看笔记详情及评论、浏览推荐流、发布图文笔记。 当用户提及 xiaohongshu、小红书、RedNote,或需要在该平台进行内容调研/发布时使用。
⭐ 1· 2.6k·1 current·1 all-time
byenoyao@wscats
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the delivered artifacts: a Python client that talks to a local xiaohongshu-mcp server to search, view, browse feeds and publish notes. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
SKILL.md instructs the agent to call a local server (http://localhost:18060), run the provided scripts, and follow setup steps to install the MCP server. The instructions do not ask the agent to read unrelated files, fetch secrets, or transmit data to remote endpoints other than the local MCP server; post-setup downloads reference GitHub Releases for the MCP binaries.
Install Mechanism
This is instruction-only with no packaged install. SETUP.md directs users to GitHub Releases (a standard release host) for MCP binaries and to pip install requests. No obscure URLs, shorteners, or arbitrary remote code downloads are used by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The Python client only uses requests and targets localhost; there are no hidden credential requests in the code files.
Persistence & Privilege
The skill does not request always:true and has no install-time behavior that modifies other skills or system-wide settings. The publish.sh helper is a developer convenience for publishing to the registry and is not executed at runtime by the agent.
Assessment
This skill is internally consistent: it expects you to run a local xiaohongshu-mcp server (from the linked GitHub repo) and then the Python client will talk to that local server. Before installing/using: (1) verify the MCP project and its binaries on the referenced GitHub Releases page (check checksum/signature if provided), (2) run the MCP server on an account you control and be mindful of session rules (the README warns not to log in elsewhere), and (3) treat the MCP binary as sensitive since it will control your Xiaohongshu session and can post on your behalf. If you don't trust the MCP release, do not run it — the skill itself only communicates with localhost and does not exfiltrate credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk97czn56b7fpg3jmaerxazkkxn848znx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.