← 返回 Skills 市场
273
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install xhs-research-daily
功能描述
Collect Xiaohongshu posts/comments for a research topic, synthesize a daily roundup, and optionally publish it back to Xiaohongshu. Use when building or runn...
安全使用建议
This skill appears to implement what it claims, but review these before installing/using: 1) mcporter is a required runtime dependency even though the registry metadata lists none—ensure you install the official mcporter binary from a trusted source. 2) The client uses the MCPORTER_CONFIG_PATH env var if present, otherwise it falls back to a hardcoded path (/Users/ailor/.openclaw/workspace/config/mcporter.json). Check and, if needed, override MCPORTER_CONFIG_PATH so it points to the correct config on your machine; verify that file's contents (it likely contains tokens/credentials). 3) Because the skill calls a local binary via subprocess, ensure no untrusted mcporter is on PATH (an attacker could replace it). 4) Use --dry-run and inspect data/<topic>/<date>/processed/post_draft.json before running with --publish. 5) If you do use publishing, limit which account the mcporter config logs into and confirm you are comfortable with the skill having the ability to publish on that account. If you want greater assurance, ask the author to: declare mcporter as a required binary, declare MCPORTER_CONFIG_PATH in metadata, and remove or parameterize the hardcoded default config path.
功能分析
Type: OpenClaw Skill
Name: xhs-research-daily
Version: 0.1.0
The skill bundle is a functional tool designed to automate research and posting on Xiaohongshu. It uses a subprocess-based client (xhs_client.py) to interact with an external utility called 'mcporter'. While it handles external commands, it includes an input sanitization method (_escape) to mitigate injection risks, and its behavior is entirely consistent with the stated purpose of data collection and synthesis. No evidence of data exfiltration, unauthorized access, or malicious prompt injection was found.
能力评估
Purpose & Capability
The skill's name, description, and code are coherent: it searches Xiaohongshu, ranks/summarizes posts, and can publish via an MCP service. However the registry metadata lists no required binaries/env vars while the runtime explicitly depends on the 'mcporter' CLI and an MCP configuration file. That mismatch (metadata says 'none' but the runtime needs mcporter) is an inconsistency the installer/user should be aware of.
Instruction Scope
SKILL.md appropriately instructs installing mcporter, logging into the Xiaohongshu account, and using dry-run before publish. The runtime does not attempt to read arbitrary unrelated system files, but it does read or use a local mcporter config (MCPORTER_CONFIG_PATH or a hardcoded default) and writes outputs under data/<topic>/<date>. The instructions are reasonably scoped for the stated purpose.
Install Mechanism
This is instruction-only (no install spec / no remote downloads). That lowers install risk. The only runtime dependency is the mcporter binary invoked via subprocess; there are no embedded downloads or extracted archives in the skill bundle.
Credentials
The skill does not declare required environment variables in the metadata, but the code reads MCPORTER_CONFIG_PATH (and uses it if set). More importantly, XHSClient defaults to a hardcoded config path: '/Users/ailor/.openclaw/workspace/config/mcporter.json'—a user-specific path. The mcporter config is likely to contain service credentials/tokens used to call Xiaohongshu. The skill therefore relies on local credentials indirectly; that is proportionate to publishing but should be declared and surfaced to users before install.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not attempt to modify other skills or system-wide agent settings. It will execute the mcporter binary (via subprocess) which grants it whatever permissions mcporter has on that host—this is expected for a publish client but increases blast radius if mcporter or its config is compromised.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xhs-research-daily - 安装完成后,直接呼叫该 Skill 的名称或使用
/xhs-research-daily触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release: topic-based Xiaohongshu research digest and publishing workflow
元数据
常见问题
XHS Research Daily 是什么?
Collect Xiaohongshu posts/comments for a research topic, synthesize a daily roundup, and optionally publish it back to Xiaohongshu. Use when building or runn... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 273 次。
如何安装 XHS Research Daily?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xhs-research-daily」即可一键安装,无需额外配置。
XHS Research Daily 是免费的吗?
是的,XHS Research Daily 完全免费(开源免费),可自由下载、安装和使用。
XHS Research Daily 支持哪些平台?
XHS Research Daily 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 XHS Research Daily?
由 Zherui Li(@zhrli324)开发并维护,当前版本 v0.1.0。
推荐 Skills