← Back to Skills Marketplace

小红书MCP补丁包

Name: 小红书MCP补丁包
Author: tinadu-ai

by NANA · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

484

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install xiaohongshu-mcp-patch

Description

自动检测并修复小红书MCP部署常见问题，包括端口占用、cookie路径、服务状态及超时等待。

Usage Guidance

Do not run these scripts blindly on a production system. Specific recommendations: - Inspect each script line-by-line before executing. Ensure COOKIE_SOURCE and other paths point to files you control. - Avoid running the one-click script as root or on a multi-user host. kill -9 and broad lsof|xargs patterns can terminate unrelated processes. - Do not start executables directly from /tmp unless you trust the binary. Prefer keeping the MCP binary in a controlled directory and verify its checksum/signature. - Copying cookies around can expose sensitive tokens; ensure you supply the correct cookie file and limit its file permissions. - Run first in an isolated environment (container or VM) to validate behavior and logs (/tmp/mcp.log). - If you want to use this skill, consider modifying scripts to use safer practices (gentle TERM signal before SIGKILL, explicit paths, sanity-checks on files and binaries, fewer blanket file copies). - Metadata mismatch (homepage present in skill.json but registry showed none) is likely packaging sloppiness—confirm source and provenance of the skill before trusting it. If you can provide the actual MCP binary location and intended runtime user, or confirm you will run these in an isolated test VM, that would increase confidence.

Capability Analysis

Type: OpenClaw Skill Name: xiaohongshu-mcp-patch Version: 1.0.0 The skill bundle contains bash scripts for managing the 'Xiaohongshu MCP' service that perform high-risk operations. Key indicators include scripts that kill processes by port (fix-port.sh), copy sensitive session cookies to potentially world-readable locations like /tmp (fix-cookie.sh), and execute binaries directly from /tmp (check-service.sh). While these actions are consistent with the stated goal of troubleshooting deployment issues, they introduce significant security vulnerabilities regarding credential exposure and insecure execution paths.

Capability Assessment

ℹ Purpose & Capability

The name/description (MCP deployment fixes) align with the provided repair scripts (port release, cookie placement, waiting for Chrome, service check/start). Minor metadata inconsistency: registry metadata lists 'Homepage: none' while skill.json contains a homepage URL — this is likely a packaging/metadata mismatch but not itself dangerous.

⚠ Instruction Scope

The SKILL.md scripts perform system-level actions: forcibly killing processes (kill -9), copying cookie files into multiple filesystem locations, and launching an executable from /tmp (nohup ./xiaohongshu-mcp-linux-amd64). Running executables from /tmp and launching whatever binary resides there can execute arbitrary code if an attacker or other user places a malicious binary in /tmp. The cookie script expects a source path but the example hardcodes COOKIE_SOURCE, creating potential for user error or accidental copying of sensitive files. The one-click script runs lsof|xargs kill -9 which can be destructive if misapplied. All of these are within the general scope of deployment repair, but they grant the operator-wide discretion and can have side effects; therefore caution is warranted.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files—lowest install risk. The skill does expect common system tools (lsof, pgrep, curl, nohup) to exist but does not declare them as required; that's common for instruction-only patches but worth noting.

✓ Credentials

No environment variables, credentials, or config paths are requested. Scripts operate on local filesystem paths (/tmp, ~/.cache) and localhost. No external network endpoints are contacted beyond localhost. The required privileges (ability to kill processes, read/write files, start binaries) are typical for a deployment-fix script but should be granted deliberately.

✓ Persistence & Privilege

Skill is not always-enabled and does not request persistent privileges. It does not modify other skills or agent-wide configuration in the provided instructions.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install xiaohongshu-mcp-patch
After installation, invoke the skill by name or use /xiaohongshu-mcp-patch
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- 初始发布，提供小红书 MCP 常见部署问题的自动化修复脚本集。 - 修复端口占用、cookie 路径缺失、Chrome 安装卡住、服务状态异常等问题。 - 每个问题提供独立的 Bash 修复脚本及使用说明。 - 提供一键修复总脚本，实现端到端自动检测与修正。 - 适用于小红书 MCP 服务部署常见故障场景。

Metadata

Slug xiaohongshu-mcp-patch

Version 1.0.0

License —

All-time Installs 2

Active Installs 2

Total Versions 1

Frequently Asked Questions

What is 小红书MCP补丁包?

自动检测并修复小红书MCP部署常见问题，包括端口占用、cookie路径、服务状态及超时等待。 It is an AI Agent Skill for Claude Code / OpenClaw, with 484 downloads so far.

How do I install 小红书MCP补丁包?

Run "/install xiaohongshu-mcp-patch" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 小红书MCP补丁包 free?

Yes, 小红书MCP补丁包 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does 小红书MCP补丁包 support?

小红书MCP补丁包 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 小红书MCP补丁包?

It is built and maintained by NANA (@tinadu-ai); the current version is v1.0.0.

More Skills