← 返回 Skills 市场
Xhs Mcp Service
作者
Jackydai-bc
· GitHub ↗
· v1.0.0
· MIT-0
92
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install xhs-mcp-service
功能描述
小红书(XHS/RED)MCP 服务。通过本地 xhs-mcp-server 服务提供完整的小红书操作能力。 当用户提到小红书、红书、XHS、RED、发笔记、搜笔记、小红书运营等任何与小红书相关的操作时使用此技能。 ⚠️ 前置条件:需要先启动 xhs-mcp-server 服务(默认 http://localho...
安全使用建议
What to consider before installing/running:
- This package implements a local automation server that will control your Xiaohongshu account via Puppeteer and stored cookies. If you run it, npm install will download Chromium (Puppeteer) and the service will persist session cookies to data/cookies.json — treat that file as highly sensitive (it contains authentication cookies). Keep it on a trusted machine and with tight file permissions.
- The documentation repeatedly refers to localhost, but the server code defaults to binding XHS_HOST='0.0.0.0' which will accept connections from any network interface. Unless you intentionally need remote access, set XHS_HOST=127.0.0.1 (or the equivalent) before starting, or firewall the port. Exposing the MCP endpoint on the network could allow others to control your account if they can reach the host.
- The code performs real actions (likes, comments, publishes) against the service using your account. Use test accounts for experimentation and be cautious about automated publishing or bulk operations (risk of platform restrictions/ban).
- Review the source (especially src/xhs-tools.js and any code that performs network requests) yourself to ensure there are no unexpected external callbacks or telemetry endpoints. Confirm there are no hardcoded remote endpoints that exfiltrate cookies or data.
- Because SKILL.md uses a hard-coded example Windows path and recommends running login which opens a browser for QR scan, run the project in a controlled environment (VM, container, or isolated host) if you are unsure.
- If you decide to run: (1) audit code, (2) set XHS_HOST=127.0.0.1, (3) restrict port via firewall, (4) protect data/cookies.json, and (5) prefer using a disposable/test account for initial trials.
If you want, I can point to the exact lines/files that set the host binding and the cookies path so you (or your admin) can change them before running.
能力评估
Purpose & Capability
Name/description claim a local xhs-mcp-server to operate Xiaohongshu; the repository contains code (Express + MCP SDK + Puppeteer) implementing exactly that functionality (13 tools: search, like, publish, etc.). The requested files, dependencies (puppeteer, express, @modelcontextprotocol/sdk), and runtime behaviors are proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs installing deps, running login (opens a browser for QR code), starting the local MCP service, and running scripts that read local files and publish content. Those instructions are expected, but notable issues: SKILL.md claims the service endpoint is http://localhost:18060/mcp, yet the server code defaults XHS_HOST to '0.0.0.0' (bind all interfaces) — this mismatches the documentation and could expose the MCP endpoints beyond localhost. The instructions also tell users to run commands in a hard-coded Windows path (D:\work\...), which is a fragile/poorly documented instruction (example path) but not necessarily malicious.
Install Mechanism
This is an instruction-only skill for the agent, with included source files (no automated installer). There is no opaque download URL; package.json declares standard npm dependencies (puppeteer, express, MCP SDK). Puppeteer will download Chromium during npm install (normal behavior). No high-risk remote install steps are embedded in SKILL.md or package.json.
Credentials
The skill declares no required environment variables or credentials. It does use/mention XHS_PROXY and XHS_PORT/XHS_HOST environment variables to configure runtime behavior — appropriate for a local service. The code reads/writes data/cookies.json to persist session cookies; this is necessary for automating a user account but means sensitive authentication cookies are stored on disk. That is expected for the purpose, but it is sensitive and should be treated accordingly.
Persistence & Privilege
The skill is not declared always:true. However, a real risk exists: server code defaults XHS_HOST to '0.0.0.0' (listening on all interfaces) which can expose the MCP API (and thereby operations on the user's Xiaohongshu account via stored cookies) to other machines on the network if firewall/host config is not tightened. This network exposure is inconsistent with the SKILL.md's repeated reference to http://localhost and raises an operational security concern.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xhs-mcp-service - 安装完成后,直接呼叫该 Skill 的名称或使用
/xhs-mcp-service触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
xhs-mcp-service 1.0.0 初始版本发布
- 提供本地 MCP 服务,实现小红书笔记的发文、搜索、点赞、收藏、评论等完整操作能力
- 共13个工具,涵盖登录检测、内容检索、互动、内容发布等功能
- 支持通过 MCPorter 调用简单参数工具,复杂发布操作需使用 Node.js 脚本
- 详细说明部署要求、环境变量及注意事项,便于快速上手
- 强调账号安全、内容限制与 Cookie 管理
元数据
常见问题
Xhs Mcp Service 是什么?
小红书(XHS/RED)MCP 服务。通过本地 xhs-mcp-server 服务提供完整的小红书操作能力。 当用户提到小红书、红书、XHS、RED、发笔记、搜笔记、小红书运营等任何与小红书相关的操作时使用此技能。 ⚠️ 前置条件:需要先启动 xhs-mcp-server 服务(默认 http://localho... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 92 次。
如何安装 Xhs Mcp Service?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xhs-mcp-service」即可一键安装,无需额外配置。
Xhs Mcp Service 是免费的吗?
是的,Xhs Mcp Service 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Xhs Mcp Service 支持哪些平台?
Xhs Mcp Service 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Xhs Mcp Service?
由 Jackydai-bc(@jackydai-bc)开发并维护,当前版本 v1.0.0。
推荐 Skills