Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Xiaohongshu MCP

v1.0.1

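Local Xiaohongshu MCP workflow skill. Supports searching notes, reading note details and comments, posting comments and replies, and publishing image-and-text or video posts, and ships with ready-to-reuse Bash scripts and publishing templates. Use when the user mentions "小红书、xiaohongshu、小红书MCP、搜小红书、查小红书、发小红书、发布笔记、小红书评论、小红书详情、笔记发布、内容运营、RedNote". Preferably via...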

by xiaopeng @xiaomilizhipeng
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the included scripts and templates: search, read details/comments, post comments, and publish content via a local MCP service. The SKILL.md and scripts consistently call a local mcporter-based MCP endpoint. Minor inconsistency: the skill uses mcporter and python3 (and references docker/docker-compose) but the registry metadata lists no required binaries — the runtime dependencies are described in SKILL.md but not declared in the skill metadata.
Instruction Scope
Instructions and scripts operate against a local MCP endpoint (mcporter calls to localhost) and local files/templates. They require user-supplied feed_id/xsec_token or payload JSON and do not contact external endpoints directly from the scripts. The workflows and example commands are narrowly scoped to the stated MCP operations.
! Install Mechanism
There is no install spec for the skill itself, but the repository includes a docker-compose file that will pull the image xpzouying/xiaohongshu-mcp from an external registry. Pulling and running an unverified container image is a meaningful risk (arbitrary code execution inside the container). The compose file also maps host paths into the container, increasing impact if the image is malicious or compromised. The skill does not provide provenance or verification for that image.
! Credentials
The skill declares no required env vars, which matches the metadata, but the docker-compose and setup instructions recommend mounting sensitive host data (cookies.json, Chrome profile, .pki, user-data). Those mounts are plausibly required to preserve login state for automated posting, but they grant the container access to potentially sensitive credentials and browser data. Users should treat those mounts as high-risk and only use trusted images and isolate them appropriately. Also, scripts inject user-supplied content into JSON via printf/cat without escaping — malformed or specially crafted content could break payloads (not necessarily exfiltration but a robustness/injection concern).
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and does not persist changes to global agent config. It does include Docker persistence recommendations for login state, which are scoped to the MCP container and not the agent platform itself.
What to consider before installing
Before installing or running this skill:
1) Verify and trust the Docker image xpzouying/xiaohongshu-mcp before running docker-compose (check publisher, image tags, and upstream source); pulling unknown container images can run arbitrary code.
2) Avoid mounting sensitive host files into the container unless you trust the image: cookies.json, Chrome profile, and /root/.pki contain credentials and keys. Consider running the container in an isolated VM or with minimal volumes.
3) Ensure you install mcporter and python3 from trusted sources; the scripts rely on them though they are not declared as required in the registry metadata.
4) When providing content/payload JSON or comment text, test using the '仅自己可见' (private) visibility first; note that the scripts insert user text into JSON without escaping, so special characters may break payloads.
5) If you need higher assurance, inspect the upstream project/repository for the Docker image and review container Dockerfile and maintainer reputation, or run the MCP service code in a sandbox before mounting real browser/profile data.

Like a lobster shell, security has layers — review code before you run it.

Tags: latest, mcp, openclaw, rednote, social-media, xiaohongshu
