Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
小红书MCP补丁包
v1.0.0自动检测并修复小红书MCP部署常见问题,包括端口占用、cookie路径、服务状态及超时等待。
⭐ 0· 398·2 current·2 all-time
byNANA@tinadu-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (MCP deployment fixes) align with the provided repair scripts (port release, cookie placement, waiting for Chrome, service check/start). Minor metadata inconsistency: registry metadata lists 'Homepage: none' while skill.json contains a homepage URL — this is likely a packaging/metadata mismatch but not itself dangerous.
Instruction Scope
The SKILL.md scripts perform system-level actions: forcibly killing processes (kill -9), copying cookie files into multiple filesystem locations, and launching an executable from /tmp (nohup ./xiaohongshu-mcp-linux-amd64). Running executables from /tmp and launching whatever binary resides there can execute arbitrary code if an attacker or other user places a malicious binary in /tmp. The cookie script expects a source path but the example hardcodes COOKIE_SOURCE, creating potential for user error or accidental copying of sensitive files. The one-click script runs lsof|xargs kill -9 which can be destructive if misapplied. All of these are within the general scope of deployment repair, but they grant the operator-wide discretion and can have side effects; therefore caution is warranted.
Install Mechanism
Instruction-only skill with no install spec and no code files—lowest install risk. The skill does expect common system tools (lsof, pgrep, curl, nohup) to exist but does not declare them as required; that's common for instruction-only patches but worth noting.
Credentials
No environment variables, credentials, or config paths are requested. Scripts operate on local filesystem paths (/tmp, ~/.cache) and localhost. No external network endpoints are contacted beyond localhost. The required privileges (ability to kill processes, read/write files, start binaries) are typical for a deployment-fix script but should be granted deliberately.
Persistence & Privilege
Skill is not always-enabled and does not request persistent privileges. It does not modify other skills or agent-wide configuration in the provided instructions.
What to consider before installing
Do not run these scripts blindly on a production system. Specific recommendations:
- Inspect each script line-by-line before executing. Ensure COOKIE_SOURCE and other paths point to files you control.
- Avoid running the one-click script as root or on a multi-user host. kill -9 and broad lsof|xargs patterns can terminate unrelated processes.
- Do not start executables directly from /tmp unless you trust the binary. Prefer keeping the MCP binary in a controlled directory and verify its checksum/signature.
- Copying cookies around can expose sensitive tokens; ensure you supply the correct cookie file and limit its file permissions.
- Run first in an isolated environment (container or VM) to validate behavior and logs (/tmp/mcp.log).
- If you want to use this skill, consider modifying scripts to use safer practices (gentle TERM signal before SIGKILL, explicit paths, sanity-checks on files and binaries, fewer blanket file copies).
- Metadata mismatch (homepage present in skill.json but registry showed none) is likely packaging sloppiness—confirm source and provenance of the skill before trusting it.
If you can provide the actual MCP binary location and intended runtime user, or confirm you will run these in an isolated test VM, that would increase confidence.Like a lobster shell, security has layers — review code before you run it.
fixvk971bvb91v5e2h6rqbb1mm6dph8285zplatestvk971bvb91v5e2h6rqbb1mm6dph8285zpmcpvk971bvb91v5e2h6rqbb1mm6dph8285zppatchvk971bvb91v5e2h6rqbb1mm6dph8285zpxiaohongshuvk971bvb91v5e2h6rqbb1mm6dph8285zp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.