小红书
v1.0.5小红书自动化运营工具-支持:搜索笔记、查看笔记详情及评论、浏览推荐流、发布图文笔记。 当用户提及 xiaohongshu、小红书、RedNote,或需要在该平台进行内容调研/发布时使用。
⭐ 1· 83·0 current·0 all-time
byenoyao@wscats
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (search, view, browse, publish) match the included Python client and shell helper. Required pieces (requests library, local MCP server) are coherent with the stated purpose. The publish helper for packaging is a developer tool and not required at runtime.
Instruction Scope
SKILL.md instructs the agent/user to interact only with a local MCP server at http://localhost:18060, to install requests, and to follow SETUP.md. The runtime client only calls local endpoints and prints JSON; it does not read other system files or environment variables. The SETUP process does require running a third-party binary (MCP) and QR login, which is expected for this functionality.
Install Mechanism
This skill is instruction-only (no automated install). SETUP.md directs users to download MCP binaries from the GitHub Releases page of xpzouying/xiaohongshu-mcp — a plausible source for this project. Downloading and running third-party binaries carries standard trust risk; the registry package itself does not automatically fetch arbitrary URLs or extract archives.
Credentials
No environment variables, secrets, or config paths are requested by the skill. Account login is handled by the local MCP server via QR-code login as documented; no hidden credential exfiltration is present in the Python client.
Persistence & Privilege
Skill does not request always:true, does not modify other skills or system-wide configuration, and contains only a local client and a developer publish script. The client interacts with a local service and does not attempt to install persistent background services itself.
Assessment
This skill is internally consistent with its purpose, but it relies on running a third-party MCP binary that will control your Xiaohongshu session (login via QR). Before installing or running: 1) review and trust the upstream GitHub repo/releases (verify checksums if provided); 2) run the MCP binary in an isolated environment or with a non-critical account if you are cautious; 3) note that the MCP server can perform actions on your account (including publishing), so avoid using your primary account unless you trust the binary; and 4) follow SETUP.md to install only the documented tools (pip requests) and avoid running unexpected binaries or scripts.Like a lobster shell, security has layers — review code before you run it.
latestvk97apt6bw8w74c93300qrdne5s849rfc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.