Xiaohongshu
v0.1.0小红书(RED/XHS)自动化助手。提供完整的小红书操作能力:登录、发布图文/视频、搜索笔记、浏览详情、点赞收藏评论、查看博主主页、内容策划。 当用户提到小红书、红书、XHS、RED、发笔记、搜笔记、小红书运营等任何与小红书相关的操作时使用此 skill,即使用户没有明确说"小红书"但描述的场景明显是小红书(如"...
⭐ 28· 5.8k·36 current·39 all-time
by@xmznini
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description promise Xiaohongshu automation and the SKILL.md consistently instructs the agent to use xiaohongshu-mcp MCP tools (e.g., check_login_status, search_feeds). No unrelated env vars, binaries, or capabilities are requested.
Instruction Scope
Runtime instructions restrict behavior to checking for MCP tool availability, routing user intents to specific subskills, verifying login status, and requiring user confirmation before write actions. The instructions explicitly forbid using other tooling (Playwright/WebFetch) as substitutes and do not ask the agent to read arbitrary files or transmit data to unexpected endpoints.
Install Mechanism
There is no install spec and no code files; the skill is instruction-only, which minimizes on-disk risk. It relies on an external MCP service being present but does not itself install software.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate to an instruction-only delegator; however, the external xiaohongshu-mcp service (not part of this skill) may require credentials—those are outside this skill's manifest.
Persistence & Privilege
always is false and model invocation is allowed (defaults). The skill does not request permanent presence or system-wide configuration changes.
Assessment
This skill is coherent: it only tells the agent to use an external xiaohongshu-mcp service and does not request secrets itself. Before installing, confirm that you trust and understand the xiaohongshu-mcp service referenced by the skill: that service will perform account actions (login, post, comment) and likely needs credentials or tokens stored somewhere. Ask what /setup-xhs-mcp does and where it stores credentials, and verify the MCP implementation's security and access controls. If you don't want automated posting on your account, do not authorize or configure the underlying MCP service.Like a lobster shell, security has layers — review code before you run it.
latestvk973hja1n1t9jfk484gfat817n82bww5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.