← Back to Skills Marketplace
885
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install xiaohongshu-login
Description
小红书 MCP 登录流程。当用户需要登录小红书、小红书登录过期、或需要获取小红书登录二维码时使用此 skill。
Usage Guidance
Before installing/using this skill, verify the execution environment and confirm assumptions: (1) Ensure mcporter is available and authenticated in your environment — the skill relies on mcporter calls. (2) The SKILL.md expects Node.js (child_process.execSync) and a local 'read' tool; the skill metadata does not declare these — provide or adapt them or request the author to declare requirements. (3) Replace the hard-coded path (/Users/chen/.openclaw/workspace/xhs_login.png) with a workspace-relative or configurable path to avoid overwriting someone else's files. (4) The instructions include sending the image to Feishu but declare no Feishu credentials; confirm how authentication is handled and whether sending images externally is acceptable. (5) The Node snippet uses shell exec and a regex to extract base64 — this is brittle and can mis-parse output or be abused; prefer structured output or safer parsing if possible. (6) If you must use the skill, run it in a controlled environment with limited permissions and review the exact commands it will run. Ask the skill author to (a) declare required runtimes/tools and credentials, (b) avoid hard-coded paths, and (c) avoid shelling untrusted output without sanitization. If these clarifications are not provided, treat the skill as risky to use with sensitive accounts or on a personal machine.
Capability Analysis
Type: OpenClaw Skill
Name: xiaohongshu-login
Version: 1.0.0
The skill is classified as suspicious due to the hardcoded absolute path `/Users/chen/.openclaw/workspace/xhs_login.png` used for saving, displaying, and sending the QR code image in `SKILL.md`. While the intent is to save a temporary image for a legitimate login flow, hardcoding an absolute path to a specific user's home directory is a significant vulnerability and bad practice. It introduces portability issues and could lead to file system errors or, in specific environments, potential information leakage or overwrite if the path were to resolve to a sensitive location or be manipulated via symlinks. There is no evidence of intentional malicious behavior like data exfiltration or backdoors.
Capability Assessment
Purpose & Capability
The skill claims to implement Xiaohongshu MCP login (check status, get QR, reset). That purpose is plausible for the commands shown (mcporter calls). However the SKILL.md also uses Node.js code, a 'read' tool, and a 'message ... channel=feishu' command to transmit files. The skill metadata declares no required binaries, runtimes, or credentials, so the run-time assumptions (Node, read, Feishu messaging) are not reflected in requirements — this is an inconsistency.
Instruction Scope
Instructions tell the agent to run mcporter commands, use a Node.js execSync snippet to parse output with a regex, write a PNG to a hard-coded user path (/Users/chen/.openclaw/workspace/xhs_login.png), display it via a local 'read' tool, and optionally send it to Feishu. These steps include file I/O on a user home path and an instruction to transmit a local file externally; the SKILL.md gives the agent broad discretion (execSync with shell) and uses brittle regex-based parsing that could mis-handle output. The skill also assumes tools and credentials not declared.
Install Mechanism
No install spec and no code files: instruction-only skill (lowest installer risk). Nothing is being downloaded or written by an installer step.
Credentials
The skill declares no required environment variables or primary credential, yet the instructions rely on services (Feishu messaging) that typically require credentials, and on mcporter being available and authenticated. It also uses a hard-coded file path under a specific user account ('chen') which is environment-specific and may improperly access or overwrite user files. The lack of declared credentials for external transmission is disproportionate to the stated purpose.
Persistence & Privilege
always is false and the skill is user-invocable; there is no request for persistent, always-on presence or modification of other skills/system-wide settings. The skill does write a file to disk during operation, but that is a normal runtime action for this flow.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xiaohongshu-login - After installation, invoke the skill by name or use
/xiaohongshu-login - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
初始版本 - 小红书登录流程自动化
Metadata
Frequently Asked Questions
What is 小红书登录?
小红书 MCP 登录流程。当用户需要登录小红书、小红书登录过期、或需要获取小红书登录二维码时使用此 skill。 It is an AI Agent Skill for Claude Code / OpenClaw, with 885 downloads so far.
How do I install 小红书登录?
Run "/install xiaohongshu-login" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 小红书登录 free?
Yes, 小红书登录 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does 小红书登录 support?
小红书登录 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 小红书登录?
It is built and maintained by undefined (@fe-room); the current version is v1.0.0.
More Skills