← Back to Skills Marketplace
Rednote Mac
by
Runhui Huang
· GitHub ↗
· v1.3.7
629
Downloads
1
Stars
0
Active Installs
13
Versions
Install in OpenClaw
/install rednote-mac
Description
Control the RedNote (Xiaohongshu) Mac app via macOS Accessibility API. Fills the gap headless tools can't: read/reply to comments on video posts, send DMs, g...
Usage Guidance
This skill appears coherent: the files implement Accessibility-driven automation for the RedNote macOS app and the install steps match that goal. Before installing: (1) understand that granting Terminal Accessibility permission lets scripts control every app on your Mac — only enable it if you trust the code and ideally test in a separate/local user account or VM; (2) review install.sh and the Python files yourself (they use pbcopy, screencapture, osascript, cliclick and run local subprocesses — expected for GUI automation); (3) ensure you only enable the plugin when RedNote is a legitimate app you have installed; (4) if you plan to run the MCP server mode, be careful about how mcp is configured (it can expose different transports depending on runtime configuration). If you want more assurance, run the plugin in an isolated account/session and inspect/modify the code to remove any behaviors you don't want.
Capability Analysis
Type: OpenClaw Skill
Name: rednote-mac
Version: 1.3.7
The skill is classified as suspicious due to its reliance on broad macOS Accessibility API permissions, which grant extensive control over the user's system and all applications. While necessary for its stated purpose of controlling the RedNote app, this capability inherently carries significant risk if the skill is compromised or misused, as explicitly warned in `README.md`. Additionally, the `index.ts` file dynamically constructs Python code strings for execution via `execFileAsync`, which is a potential command injection vulnerability, even with `JSON.stringify` for some inputs. The `xhs_controller.py` also executes external binaries like `yt-dlp` with a URL parameter, introducing a risk if a malicious URL were to be processed. There is no clear evidence of intentional malicious behavior such as data exfiltration to external endpoints or persistence mechanisms.
Capability Assessment
Purpose & Capability
Name/description indicate native macOS app automation for RedNote. The code (xhs_controller.py, server.py, index.ts), README, and SKILL.md all implement Accessibility-driven UI control, use cliclick and Python AX libraries, and register tools matching the documented capabilities. Required binaries (cliclick, python3) and the Accessibility permission are appropriate for this purpose. Minor implementation oddity: the Python code uses OWNER_NAME='rednote' and PROCESS_NAME='discover' (pgrep -x 'discover') which looks like a bug/ mismatch but not a sign of unrelated functionality.
Instruction Scope
SKILL.md and README instruct only local actions: install dependencies, grant Terminal Accessibility permission, run install.sh, and invoke tools that take screenshots, click, type, and read AX attributes. No instructions request unrelated files, environment variables, or external endpoints. The documentation is explicit about limitations and the need to keep the app visible. It also warns that Accessibility permission grants control over all apps (correct and important).
Install Mechanism
There is no opaque remote download. install.sh uses Homebrew and pip (or uv sync) to install known packages (cliclick via Homebrew; atomacos, PyObjC, mcp via PyPI). It creates a symlink in ~/.openclaw/extensions to register the plugin. This is standard and proportionate for the skill's functionality.
Credentials
The skill declares no required environment variables or credentials. Code does not embed secrets or request tokens. The only privileged resource required is macOS Accessibility permission, which is necessary for automating GUI actions but is inherently high‑risk — the README and SKILL.md call this out.
Persistence & Privilege
The skill is not always: true and does not request to modify other skills. It creates a symlink under ~/.openclaw/extensions to register itself (normal for a plugin). The significant privilege to note is the macOS Accessibility permission (granted to Terminal) because that allows automated control of any GUI application; the skill legitimately needs it for its purpose, but this amplifies its potential impact if misused. The README suggests running automation in a dedicated user account, which is good guidance.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install rednote-mac - After installation, invoke the skill by name or use
/rednote-mac - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.7
Add required binaries/OS/permissions metadata to fix Suspicious scan; declare darwin-only, cliclick+python3 deps
v1.3.6
Expand description with full feature summary
v1.3.5
Restore full SKILL.md body; fix description to single-line string
v1.3.4
Shorten description to fit display limits
v1.3.3
Fix description truncation: change YAML folded block to single-line string
v1.3.2
SKILL.md redesign: scenario-first code blocks instead of tables. Agent-friendly format following github/notion skill style.
v1.3.1
SKILL.md redesign: replaced tables with scenario-first code blocks (following github/notion skill style). Agent-friendly format — each section shows a real usage pattern, not a parameter list.
v1.3.0
Documentation overhaul: SKILL.md fully restructured with proper markdown tables, clear sections, better visual hierarchy. README rewritten with comparison table (rednote-mac vs headless), complete tool reference tables, architecture section. Shorter frontmatter description that doesn't truncate on clawhub.
v1.2.2
Final cleanup: unified all internal names to rednote-mac (removed xhs-mac/xhs-mac-mcp references in server.py, index.ts, openclaw.plugin.json). SKILL_DIR now uses __dirname instead of hardcoded user path. Added explicit Accessibility permission scope warning.
v1.2.1
Clarify Accessibility permission scope: Terminal accessibility grants control over ALL apps, not just RedNote. Added explicit warning and recommendation to use a dedicated user account for automation.
v1.2.0
Security fixes based on clawhub scan: removed unnecessary LLM deps (anthropic/openai/google-generativeai) from pyproject.toml — they were dev artifacts unrelated to AX control. Added cliclick install check to install.sh. Minimal dependency footprint: atomacos + pyobjc + mcp only.
v1.1.0
Security transparency: SKILL.md now explicitly states permissions required (Accessibility API), what install.sh does, scope of App control (RedNote window only), and no-network/no-credentials policy. Improved ref docs.
v1.0.0
Control RedNote (Xiaohongshu) Mac app via Accessibility API. 20 tools: DM, comment reply, video comments, search, like, collect, author stats. OpenClaw Plugin + MCP server. Modular docs for on-demand loading.
Metadata
Frequently Asked Questions
What is Rednote Mac?
Control the RedNote (Xiaohongshu) Mac app via macOS Accessibility API. Fills the gap headless tools can't: read/reply to comments on video posts, send DMs, g... It is an AI Agent Skill for Claude Code / OpenClaw, with 629 downloads so far.
How do I install Rednote Mac?
Run "/install rednote-mac" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Rednote Mac free?
Yes, Rednote Mac is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Rednote Mac support?
Rednote Mac is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin).
Who created Rednote Mac?
It is built and maintained by Runhui Huang (@huangrh99); the current version is v1.3.7.
More Skills