← 返回 Skills 市场
154
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install openclaw-xiaohongshu-mcp
功能描述
本地小红书 MCP 工作流技能,支持搜索笔记、读取详情与评论、发表评论与回复、发布图文/视频,并附带可直接复用的 Bash 脚本与发布模板。用户提到“小红书、xiaohongshu、小红书MCP、搜小红书、查小红书、发小红书、发布笔记、小红书评论、小红书详情、笔记发布、内容运营、RedNote”时使用。优先通过...
安全使用建议
Before installing or running this skill: 1) Verify and trust the Docker image xpzouying/xiaohongshu-mcp before running docker-compose (check publisher, image tags, and upstream source); pulling unknown container images can run arbitrary code. 2) Avoid mounting sensitive host files into the container unless you trust the image—cookies.json, Chrome profile, and /root/.pki contain credentials and keys. Consider running the container in an isolated VM or with minimal volumes. 3) Ensure you install mcporter and python3 from trusted sources; the scripts rely on them though they are not declared as required in the registry metadata. 4) When providing content/payload JSON or comment text, test using the '仅自己可见' (private) visibility first; note that the scripts insert user text into JSON without escaping, so special characters may break payloads. 5) If you need higher assurance, inspect the upstream project/repository for the Docker image and review container Dockerfile and maintainer reputation, or run the MCP service code in a sandbox before mounting real browser/profile data.
功能分析
Type: OpenClaw Skill
Name: openclaw-xiaohongshu-mcp
Version: 1.0.1
The skill bundle contains several shell scripts (e.g., xhs-comment.sh, xhs-detail.sh, and xhs-pick-detail.sh) that construct JSON payloads for the mcporter CLI using unsanitized string interpolation via printf. This creates a vulnerability where malicious or malformed input could lead to argument injection or broken JSON structures. While the behavior is aligned with the stated purpose of Xiaohongshu automation, the lack of input sanitization in scripts intended for AI execution poses a risk.
能力评估
Purpose & Capability
The name/description match the included scripts and templates: search, read details/comments, post comments, and publish content via a local MCP service. The SKILL.md and scripts consistently call a local mcporter-based MCP endpoint. Minor inconsistency: the skill uses mcporter and python3 (and references docker/docker-compose) but the registry metadata lists no required binaries — the runtime dependencies are described in SKILL.md but not declared in the skill metadata.
Instruction Scope
Instructions and scripts operate against a local MCP endpoint (mcporter calls to localhost) and local files/templates. They require user-supplied feed_id/xsec_token or payload JSON and do not contact external endpoints directly from the scripts. The workflows and example commands are narrowly scoped to the stated MCP operations.
Install Mechanism
There is no install spec for the skill itself, but the repository includes a docker-compose file that will pull the image xpzouying/xiaohongshu-mcp from an external registry. Pulling and running an unverified container image is a meaningful risk (arbitrary code execution inside the container). The compose file also maps host paths into the container, increasing impact if the image is malicious or compromised. The skill does not provide provenance or verification for that image.
Credentials
The skill declares no required env vars, which matches the metadata, but the docker-compose and setup instructions recommend mounting sensitive host data (cookies.json, Chrome profile, .pki, user-data). Those mounts are plausibly required to preserve login state for automated posting, but they grant the container access to potentially sensitive credentials and browser data. Users should treat those mounts as high-risk and only use trusted images and isolate them appropriately. Also, scripts inject user-supplied content into JSON via printf/cat without escaping — malformed or specially crafted content could break payloads (not necessarily exfiltration but a robustness/injection concern).
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and does not persist changes to global agent config. It does include Docker persistence recommendations for login state, which are scoped to the MCP container and not the agent platform itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-xiaohongshu-mcp - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-xiaohongshu-mcp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Polish store-facing description and README; improve trigger wording and product presentation.
v1.0.0
Initial public release: local Xiaohongshu MCP skill with helper scripts, templates, and relative-path packaging.
元数据
常见问题
OpenClaw Xiaohongshu MCP 是什么?
本地小红书 MCP 工作流技能,支持搜索笔记、读取详情与评论、发表评论与回复、发布图文/视频,并附带可直接复用的 Bash 脚本与发布模板。用户提到“小红书、xiaohongshu、小红书MCP、搜小红书、查小红书、发小红书、发布笔记、小红书评论、小红书详情、笔记发布、内容运营、RedNote”时使用。优先通过... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 154 次。
如何安装 OpenClaw Xiaohongshu MCP?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-xiaohongshu-mcp」即可一键安装,无需额外配置。
OpenClaw Xiaohongshu MCP 是免费的吗?
是的,OpenClaw Xiaohongshu MCP 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenClaw Xiaohongshu MCP 支持哪些平台?
OpenClaw Xiaohongshu MCP 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Xiaohongshu MCP?
由 xiaopeng(@xiaomilizhipeng)开发并维护,当前版本 v1.0.1。
推荐 Skills