← 返回 Skills 市场
Rednote Mac
作者
Runhui Huang
· GitHub ↗
· v1.3.7
629
总下载
1
收藏
0
当前安装
13
版本数
在 OpenClaw 中安装
/install rednote-mac
功能描述
Control the RedNote (Xiaohongshu) Mac app via macOS Accessibility API. Fills the gap headless tools can't: read/reply to comments on video posts, send DMs, g...
安全使用建议
This skill appears coherent: the files implement Accessibility-driven automation for the RedNote macOS app and the install steps match that goal. Before installing: (1) understand that granting Terminal Accessibility permission lets scripts control every app on your Mac — only enable it if you trust the code and ideally test in a separate/local user account or VM; (2) review install.sh and the Python files yourself (they use pbcopy, screencapture, osascript, cliclick and run local subprocesses — expected for GUI automation); (3) ensure you only enable the plugin when RedNote is a legitimate app you have installed; (4) if you plan to run the MCP server mode, be careful about how mcp is configured (it can expose different transports depending on runtime configuration). If you want more assurance, run the plugin in an isolated account/session and inspect/modify the code to remove any behaviors you don't want.
功能分析
Type: OpenClaw Skill
Name: rednote-mac
Version: 1.3.7
The skill is classified as suspicious due to its reliance on broad macOS Accessibility API permissions, which grant extensive control over the user's system and all applications. While necessary for its stated purpose of controlling the RedNote app, this capability inherently carries significant risk if the skill is compromised or misused, as explicitly warned in `README.md`. Additionally, the `index.ts` file dynamically constructs Python code strings for execution via `execFileAsync`, which is a potential command injection vulnerability, even with `JSON.stringify` for some inputs. The `xhs_controller.py` also executes external binaries like `yt-dlp` with a URL parameter, introducing a risk if a malicious URL were to be processed. There is no clear evidence of intentional malicious behavior such as data exfiltration to external endpoints or persistence mechanisms.
能力评估
Purpose & Capability
Name/description indicate native macOS app automation for RedNote. The code (xhs_controller.py, server.py, index.ts), README, and SKILL.md all implement Accessibility-driven UI control, use cliclick and Python AX libraries, and register tools matching the documented capabilities. Required binaries (cliclick, python3) and the Accessibility permission are appropriate for this purpose. Minor implementation oddity: the Python code uses OWNER_NAME='rednote' and PROCESS_NAME='discover' (pgrep -x 'discover') which looks like a bug/ mismatch but not a sign of unrelated functionality.
Instruction Scope
SKILL.md and README instruct only local actions: install dependencies, grant Terminal Accessibility permission, run install.sh, and invoke tools that take screenshots, click, type, and read AX attributes. No instructions request unrelated files, environment variables, or external endpoints. The documentation is explicit about limitations and the need to keep the app visible. It also warns that Accessibility permission grants control over all apps (correct and important).
Install Mechanism
There is no opaque remote download. install.sh uses Homebrew and pip (or uv sync) to install known packages (cliclick via Homebrew; atomacos, PyObjC, mcp via PyPI). It creates a symlink in ~/.openclaw/extensions to register the plugin. This is standard and proportionate for the skill's functionality.
Credentials
The skill declares no required environment variables or credentials. Code does not embed secrets or request tokens. The only privileged resource required is macOS Accessibility permission, which is necessary for automating GUI actions but is inherently high‑risk — the README and SKILL.md call this out.
Persistence & Privilege
The skill is not always: true and does not request to modify other skills. It creates a symlink under ~/.openclaw/extensions to register itself (normal for a plugin). The significant privilege to note is the macOS Accessibility permission (granted to Terminal) because that allows automated control of any GUI application; the skill legitimately needs it for its purpose, but this amplifies its potential impact if misused. The README suggests running automation in a dedicated user account, which is good guidance.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install rednote-mac - 安装完成后,直接呼叫该 Skill 的名称或使用
/rednote-mac触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.7
Add required binaries/OS/permissions metadata to fix Suspicious scan; declare darwin-only, cliclick+python3 deps
v1.3.6
Expand description with full feature summary
v1.3.5
Restore full SKILL.md body; fix description to single-line string
v1.3.4
Shorten description to fit display limits
v1.3.3
Fix description truncation: change YAML folded block to single-line string
v1.3.2
SKILL.md redesign: scenario-first code blocks instead of tables. Agent-friendly format following github/notion skill style.
v1.3.1
SKILL.md redesign: replaced tables with scenario-first code blocks (following github/notion skill style). Agent-friendly format — each section shows a real usage pattern, not a parameter list.
v1.3.0
Documentation overhaul: SKILL.md fully restructured with proper markdown tables, clear sections, better visual hierarchy. README rewritten with comparison table (rednote-mac vs headless), complete tool reference tables, architecture section. Shorter frontmatter description that doesn't truncate on clawhub.
v1.2.2
Final cleanup: unified all internal names to rednote-mac (removed xhs-mac/xhs-mac-mcp references in server.py, index.ts, openclaw.plugin.json). SKILL_DIR now uses __dirname instead of hardcoded user path. Added explicit Accessibility permission scope warning.
v1.2.1
Clarify Accessibility permission scope: Terminal accessibility grants control over ALL apps, not just RedNote. Added explicit warning and recommendation to use a dedicated user account for automation.
v1.2.0
Security fixes based on clawhub scan: removed unnecessary LLM deps (anthropic/openai/google-generativeai) from pyproject.toml — they were dev artifacts unrelated to AX control. Added cliclick install check to install.sh. Minimal dependency footprint: atomacos + pyobjc + mcp only.
v1.1.0
Security transparency: SKILL.md now explicitly states permissions required (Accessibility API), what install.sh does, scope of App control (RedNote window only), and no-network/no-credentials policy. Improved ref docs.
v1.0.0
Control RedNote (Xiaohongshu) Mac app via Accessibility API. 20 tools: DM, comment reply, video comments, search, like, collect, author stats. OpenClaw Plugin + MCP server. Modular docs for on-demand loading.
元数据
常见问题
Rednote Mac 是什么?
Control the RedNote (Xiaohongshu) Mac app via macOS Accessibility API. Fills the gap headless tools can't: read/reply to comments on video posts, send DMs, g... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 629 次。
如何安装 Rednote Mac?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install rednote-mac」即可一键安装,无需额外配置。
Rednote Mac 是免费的吗?
是的,Rednote Mac 完全免费(开源免费),可自由下载、安装和使用。
Rednote Mac 支持哪些平台?
Rednote Mac 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin)。
谁开发了 Rednote Mac?
由 Runhui Huang(@huangrh99)开发并维护,当前版本 v1.3.7。
推荐 Skills