Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Xiaohongshu Mcp Node
v0.1.0通过 MCP 协议操作小红书平台,支持内容发布、搜索、互动等完整功能
⭐ 0· 67·0 current·0 all-time
byPING SI@sipingme
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to provide Xiaohongshu automation via an external MCP server (xiaohongshu-mcp-node). The required runtimes (Node >=20, Playwright/Chromium) and the described CLI tools match that purpose. Minor inconsistency: metadata lists no required env vars, but the SKILL.md and examples reference environment entries (HEADLESS, COOKIES_PATH) and expect a cookies.json file for authentication.
Instruction Scope
SKILL.md instructs the user/agent to clone, npm install, build, run login flows, and run the MCP server; it also expects local file paths (images, video) and will download image URLs. The quick-start recommends piping a remote install.sh via curl | bash (raw.githubusercontent.com), which grants arbitrary remote script execution. The instructions do not ask the agent to read unrelated system credentials, but they do rely on local cookie files which are sensitive.
Install Mechanism
There is no formal install spec in the registry; installation is instruction-driven and requires cloning a GitHub repo and running npm scripts. The quick-start includes a high-risk pattern (curl -fsSL <raw.githubusercontent> | bash). Building and running third‑party code from GitHub and running its npm scripts is expected for this functionality but constitutes a supply‑chain and code‑execution risk that should be audited.
Credentials
The skill does not declare required credentials in registry metadata, but runtime usage depends on a local cookies.json (authentication) and optional env vars (COOKIES_PATH, HEADLESS). Cookies are equivalent to account credentials and must be protected; the skill's claims that cookies remain local are unverifiable from the docs alone. No unrelated cloud credentials or extra secrets are requested, which is appropriate.
Persistence & Privilege
always:false and model invocation is allowed (default). The skill runs an external MCP server process configured by the user; it does not request elevated or permanent platform privileges, nor does it claim to modify other skills or global agent settings.
What to consider before installing
This skill appears to do what it says (drive Xiaohongshu through an MCP server implemented with Node + Playwright), but you should take precautions before installing: 1) Inspect the GitHub repository and any install.sh script before running it — piping remote scripts to bash is risky. 2) Treat cookies.json as sensitive (it contains authentication). Store it with restrictive permissions (chmod 600), keep it local, and consider using a throwaway/test account. 3) Consider cloning and reviewing the code, or running the MCP server in an isolated VM/container rather than on a production machine. 4) Be aware of account‑risk: automation can trigger platform rate limits or bans. 5) If you must install, avoid curl|bash; download the repo and review scripts, then run npm install and npx playwright install chromium manually. If you want a stronger assurance, ask the author for a reproducible release (GitHub Releases tarball with checksums) or perform a security review of the repository before trusting it.Like a lobster shell, security has layers — review code before you run it.
latestvk97crewv3za8j48kczewvy1z5h8388n9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.