← Back to Skills Marketplace
112
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install xhsmander
Description
小红书自动化发布技能。通过 Docker 容器中的 xiaohongshu-mcp 服务,实现登录、发布图文、搜索、互动等操作。 当用户提到发小红书、发笔记、发布内容、扫码登录小红书、小红书自动化、小红书发布时使用此技能。
Usage Guidance
This package generally does what its description says, but take the following precautions before using it:
- Treat the Docker image as untrusted until inspected. Either review the image source (xpzouying/xiaohongshu-mcp) on Docker Hub, pull and inspect it locally, or run it inside an isolated VM/container host.
- Fix the hardcoded Windows paths in scripts (check_status.py, get_qr.py, publish_post.py) before running on your machine; they won't work on non-Windows systems and may overwrite files if the exact path exists.
- Review or run the Python scripts locally to confirm they only interact with localhost:18060 and write to the intended skill directories; they do not appear to exfiltrate data to remote endpoints in their current form.
- Protect the ./data volume: cookies and session state are stored there. If you don't want persistent login state, clear or mount the volume to a controlled location.
- If you cannot verify the Docker image, consider rebuilding the MCP service from a trusted source or avoid running the image altogether.
If you want, I can list the exact files that write to absolute host paths and suggest safe replacements, or help craft commands to inspect the Docker image before running it.
Capability Analysis
Type: OpenClaw Skill
Name: xhsmander
Version: 1.0.1
The skill bundle provides Xiaohongshu automation via a local Docker-based MCP service. While the logic aligns with the stated purpose, several scripts (check_status.py, get_qr.py, and publish_post.py) contain hardcoded absolute Windows file paths (e.g., 'C:\Users\15822\...') for logging results and saving QR codes. This indicates a lack of sanitization and potential for execution failure on other systems. Additionally, the core logic is offloaded to an external Docker image (xpzouying/xiaohongshu-mcp), which introduces a third-party dependency risk for handling sensitive session cookies.
Capability Assessment
Purpose & Capability
Name/description describe automation via a local xiaohongshu-mcp Docker service; the bundled scripts and docker-compose directly implement that (initialize session, get QR, publish, search, etc.). Required env/credentials are minimal (QR-based login), which aligns with the stated purpose.
Instruction Scope
SKILL.md instructs running docker-compose and the included Python scripts which call the local MCP HTTP JSON-RPC endpoint — this is in-scope. However multiple scripts write outputs to hardcoded absolute Windows paths (e.g., C:\Users\15822\.agents\skills\xhsmander\scripts\*.json/png). Those hardcoded paths are inconsistent with cross-platform usage and may cause unexpected behavior or overwrite files on the host; they also indicate the package was bundled from a personal environment without sanitization.
Install Mechanism
There is no automatic installer in the package (instruction-only), but the docker-compose references a third-party image (xpzouying/xiaohongshu-mcp) and an alternative personal registry URL commented in. Pulling and running a remote container image is necessary for the described functionality but introduces supply-chain risk: you should audit the image or run it in an isolated environment (VM) before trusting it.
Credentials
The skill does not request external environment variables or credentials (uses QR login and stores cookies in a local Docker volume), which is proportionate. The docker-compose defines container env vars (ROD_BROWSER_BIN, COOKIES_PATH) for the service; those are container-local and expected. Be aware the skill stores cookies in ./data volume — protect that directory if it contains session credentials.
Persistence & Privilege
always is false and the skill is user-invocable. It does not declare persistent platform-wide changes or attempt to modify other skills' configs. Running the docker container will create volumes and persist cookies/images under the skill directory per the docker-compose file (expected for this use case).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install xhsmander - After installation, invoke the skill by name or use
/xhsmander - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
xhsmander v1.0.1 introduces a structured file organization and provides ready-to-use scripts for end-to-end automated publishing on 小红书 via Docker.
- Added initial scripts: check_status.py, get_qr.py, publish_post.py for status check, QR code login, and post publishing.
- Introduced docker-compose.yml for easy container deployment.
- Provided _meta.json for metadata and updated SKILL.md with detailed workflow and usage instructions.
- Clarified container vs. host path requirements for image publishing.
- Expanded documentation for deployment, code structure, and session handling.
v1.0.0
xhsmander 1.0.0
- 新增小红书自动化发布技能,支持登录、发布内容、搜索、互动等操作。
- 基于 xiaohongshu-mcp Docker 服务,通过一组脚本与容器 HTTP API 通信。
- 支持扫码登录、检查状态、图文笔记发布、首页推荐、点赞、收藏、评论等常用操作。
- 完成本机与容器路径映射与图片管理策略,确保图片发布顺畅。
- 提供关键脚本与 Docker 部署说明,对使用流程和常见限制做出详细指引。
Metadata
Frequently Asked Questions
What is xhsmander?
小红书自动化发布技能。通过 Docker 容器中的 xiaohongshu-mcp 服务,实现登录、发布图文、搜索、互动等操作。 当用户提到发小红书、发笔记、发布内容、扫码登录小红书、小红书自动化、小红书发布时使用此技能。 It is an AI Agent Skill for Claude Code / OpenClaw, with 112 downloads so far.
How do I install xhsmander?
Run "/install xhsmander" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is xhsmander free?
Yes, xhsmander is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does xhsmander support?
xhsmander is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created xhsmander?
It is built and maintained by xiaohuozi (@279458179); the current version is v1.0.1.
More Skills