Total downloads: 3306
Favorites: 20
Current installs: 14
Versions: 10
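Install in OpenClaw
/install rednote
Description
Xiaohongshu all-in-one assistant: copywriting, cover creation, content publishing and management. Use it when the user asks to write a Xiaohongshu note, generate Xiaohongshu copy/titles/covers, post to Xiaohongshu, search Xiaohongshu, comment, like, favorite, or perform any other Xiaohongshu-related operation. Supports a complete one-stop workflow from copy creation to automatic publishing. AI cover image generation requires configuring optional environment variables (GEMINI_API_KEY or IMG_API_KEY or HUNY...
Security recommendations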
This skill largely does what it claims, but exercise caution before installing or running its scripts:
- Review and understand the scripts (check_env.sh, cover.sh, generate.sh) before running them. They will try to start/launch local services (Xvfb, xhs-mcp) and run a binary from ~/xiaohongshu-mcp.
- Do not supply API keys (Gemini, OpenAI-compatible IMG_API_KEY, HUNYUAN_SECRET_ID/KEY, XHS_AI_API_KEY, etc.) unless you trust the code and the deployed environment; these are sensitive credentials that will be sent to external services.
- The skill reads ~/.openclaw/openclaw.json when asked for available models; consider whether that config contains sensitive info you do not want read. Ask the agent explicitly before it reads local configs.
- If you need to test, run the scripts in an isolated environment (container or VM) and inspect network calls (e.g., with tcpdump) and logs to confirm behavior.
- If you plan to use the MCP/publishing features, independently verify the origin and integrity of the ~/xiaohongshu-mcp binary before placing it in your home directory.
If you are uncomfortable with starting local services or providing cloud API keys, avoid installing or invoking this skill.
Functional analysis
Type: OpenClaw Skill
Name: rednote
Version: 1.2.4
The skill is classified as suspicious due to several high-risk capabilities and vulnerabilities, although without clear evidence of intentional malice. Key indicators include: 1) The `scripts/cover.sh` script allows arbitrary file reads (LFI) if the agent is prompted to use `__USER_IMAGE__:/path/to/sensitive_file`, copying the file to a temporary location. 2) The `scripts/generate.sh` script uses a user-defined `XHS_AI_API_URL` for `curl` requests, creating a Server-Side Request Forgery (SSRF) vulnerability if an attacker can control this environment variable. 3) The `SKILL.md` instructs the agent to install system-level dependencies, download and execute external binaries from `https://github.com/xpzouying/xiaohongshu-mcp/releases`, and set up persistent systemd services, granting significant system modification and control capabilities, including the use of `xdotool` for GUI automation. These capabilities, while potentially aligned with the skill's stated purpose, introduce critical attack surfaces.
Capability assessment
Purpose & Capability
The skill claims to generate copy, create covers, and control Xiaohongshu via a local MCP service. The included scripts implement these features (text generation fallback, AI image generation, and MCP calls), so capabilities align with the stated purpose.
Instruction Scope
Runtime instructions and scripts read a user config file (~/.openclaw/openclaw.json) when asked, call local MCP at http://localhost:18060, and run check_env.sh which attempts to start/stop system services (xvfb, xhs-mcp) and launch a binary from ~/xiaohongshu-mcp. These actions go beyond simple API calls and modify/launch local services and processes, which is powerful and may be unexpected to non-technical users.
Install Mechanism
No install spec (instruction-only plus included scripts). There are no network-download install steps in the manifest. The risk comes from executing provided scripts, not from an external installer; this is lower risk than fetching arbitrary executables, but executing included scripts still runs code on the host.
Credentials
The manifest declares no required env vars, but scripts use many sensitive environment variables (GEMINI_API_KEY, IMG_API_KEY, HUNYUAN_SECRET_ID/KEY, IMG_API_BASE, XHS_AI_API_KEY/URL/MODEL, XHS_MCP_URL, etc.). Those variables are consistent with optional image-generation and API fallback features, but the manifest does not enumerate them as required/optional, which is a transparency gap. Supplying cloud API credentials is appropriate for image/text generation but carries sensitive privilege.
Persistence & Privilege
Skill is not marked always:true and does not self-enable other skills. However, check_env.sh may start persistent services (systemd units or background processes) and expects a local MCP binary under ~/xiaohongshu-mcp — the skill can cause long-running processes to be created on the host if executed.
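How to use
- Make sure OpenClaw is installed (locally or via Docker)
- Enter the install command in the chat box: /install rednote
- After installation, call the Skill by name or use /rednote to trigger it
- Provide the necessary input according to the Skill's parameter description to get structured output
Version history
v1.2.4
- Added documentation of the environment variables required for AI cover image generation (GEMINI_API_KEY, IMG_API_KEY, HUNYUAN_SECRET_ID+KEY) to make configuration easier for users.
- metadata now lists curl as a requirement, reflecting support for using curl or related tools.
- The login flow adds a "manual Cookie" mode that lets users paste a browser Cookie string directly to log in.
- Other documentation and main features are unchanged.
v1.2.3
rednote 1.2.3
Supports Hunyuan image generation
v1.2.2
**Major update: the Xiaohongshu assistant adds automatic copy generation and smart cover creation, supporting the full workflow from content creation to platform publishing.**
- Added a "copy creation workflow" that generates the title, body, and cover in three steps, each with an interactive confirmation step
- Supports automatically composing a cover image in Xiaohongshu's standard aspect ratio from AI-generated or user-selected images; adds the cover generation script cover.sh
- Introduces cover/title/body style guide documents references/title-guide.md, content-guide.md, cover-guide.md
- The publishing workflow is integrated with content creation, allowing one-click handoff to platform content publishing and management
- The copy workflow supports flexible AI image generation, is compatible with multiple APIs, and provides options and preset guidance
- Skill description and function instructions fully upgraded, covering copy generation, image processing, and all Xiaohongshu platform operations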
v1.2.1
No changes detected in the codebase for version 1.2.1.
- No file changes between versions 1.2.0 and 1.2.1.
- This is a metadata-only version increment; all features and documentation remain as before.
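v1.2.0
rednote 1.2.0 – Supports automated management and operation of Xiaohongshu content
- Added complete instructions for automated "Xiaohongshu" content operations, covering posting, search, commenting, fetching recommendations, and more.
- Detailed guidance on implementing all features through the local MCP service (browser automation), without directly calling non-public APIs.
- Specifies what every operation must follow: pre-checks, three-step initialization, and call order.
- Provides parameters and usage for 13 specific tools, including posting, video publishing, commenting, liking, favoriting, and user profile retrieval.
- Added a login guidance flow, including two QR-code scanning methods and the steps for QR code generation, sending, and login verification.
- Includes dependency installation and MCP deployment methods to ease first-time setup and recovery from errors.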
v1.1.0
**Summary: Major update introducing xiaohongshu (小红书) automation via local MCP service.**
- New skill for 小红书 content management: posting, searching, commenting, recommendations, and user operations.
- Requires a local browser automation MCP service; detailed step-by-step command usage included.
- Secure session workflow with initialization and per-command session handling.
- Full support for login flows, including QR code and screenshot login with remote validation.
- Extensive toolset: publishing (image/video), search, feed interaction (like, favorite, comment, reply), and user profile retrieval.
- Instructions provided for MCP service installation and environment setup.
v1.0.3
Enhanced prompts
v1.0.2
rednote 1.0.2
No code changes detected. Documentation was updated:
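- Updated the MCP service download link to the new GitHub Releases address (xpzouying/xiaohongshu-mcp).
- Changed the download step to downloading and extracting an archive rather than downloading the binary directly.
- Added detailed download and extraction instructions for different architectures (such as macOS M1/M2/M3, Intel, Linux).
- Other content and features unchanged.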
v1.0.1
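**Major update: removed the old scripts and style files and migrated to a completely new MCP service-based implementation.**
- Removed all local scripts, tools, rendering templates, and old publishing workflow files, fully adopting the MCP service architecture.
- Updated the documentation with a detailed description of MCP installation, login, and startup steps, adapted to the new server-side deployment and invocation method.
- Added JSON-RPC tool interfaces for a range of Xiaohongshu operations, including posting, search, commenting, fetching recommendations, and user lookup.
- Specifies that each session must initialize MCP first and then issue specific operation calls.
- Shares the full automated login flow (QR scan + verification code) and common dependency environment configuration.
- Highlights dependencies such as Xvfb, ImageMagick, and zbar and their usage, replacing the old rendering and publishing approach.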
v1.0.0
Initial release of RedNote (xiaohongshu) skill.
- Provides publishing, searching, commenting, and recommendation features for 小红书 (Xiaohongshu/RedNote).
- Includes detailed installation and setup guide for the MCP service on Linux and Mac.
- Lists all supported tool methods: login status check, publish text/image/video, search, recommendations, feed detail, comment, and user profile.
- Documents required environment variables and typical usage workflows, including automated QR login process.
- Describes responses to "未登录" (not logged in) status, with guidance for headless login and QR code capture.
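FAQ
What is 小红书 - RedNote?
Xiaohongshu all-in-one assistant: copywriting, cover creation, content publishing and management. Use it when the user asks to write a Xiaohongshu note, generate Xiaohongshu copy/titles/covers, post to Xiaohongshu, search Xiaohongshu, comment, like, favorite, or perform any other Xiaohongshu-related operation. Supports a complete one-stop workflow from copy creation to automatic publishing. AI cover image generation requires configuring optional environment variables (GEMINI_API_KEY or IMG_API_KEY or HUNY... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 3306 cumulative downloads so far.
How do I install 小红书 - RedNote?
Run the command "/install rednote" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.
Is 小红书 - RedNote free?
Yes, 小红书 - RedNote is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does 小红书 - RedNote support?
小红书 - RedNote runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who developed 小红书 - RedNote?
Developed and maintained by hiyu (@hi-yu); the current version is v1.2.4.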