← 返回 Skills 市场
186
总下载
2
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install xiaohongshu-aio
功能描述
小红书MCP服务下载、启动、重启、检测,小红书多账号管理、登录、状态检查、内容发布、小红书笔记和视频发布、点赞评论操作和用户信息查询等需要调用本技能。当用户需要从小红书获取笔记和视频数据、用户数据、发布笔记或视频时需要调用本技能。
安全使用建议
This skill appears to do what it says: manage Xiaohongshu accounts via a local MCP server. Before installing, consider the following:
- The MCP manager downloads release assets from GitHub and extracts/executables them in your working directory without checksum or signature verification. Only proceed if you trust the repository and release artifacts; inspect the binaries or run in an isolated environment (container or VM).
- The skill stores account cookies in user_cookies.json and writes cookies.json into the MCP server directory when switching accounts. Treat these files as sensitive (they can be used to impersonate accounts) and protect them with filesystem permissions or store them in a secure location.
- The code spawns system commands (lsof, pgrep, netstat, subprocesses) and runs the MCP binary. Ensure you understand and accept these host-level operations on any machine where you run the skill.
- The declared dependency on the 'uv' CLI appears only in documentation/installation steps; confirm you want to install/use that tool and where it will fetch packages from.
If you need higher assurance, request the upstream GitHub repository/author for signed releases or run the skill in an isolated environment and review the downloaded binaries before execution.
功能分析
Type: OpenClaw Skill
Name: xiaohongshu-aio
Version: 0.1.6
The skill bundle contains functionality in `mcp_service.py` to automatically download, extract, and execute binary files from a remote GitHub repository (xpzouying/xiaohongshu-mcp). While this behavior is aligned with the stated purpose of managing an MCP server, the 'download and execute' pattern is a high-risk capability that bypasses standard package management and executes unverified external code. Additionally, the tool manages sensitive authentication cookies in `account.py` and `user_cookies.json`, which could be targeted if the external binaries or the repository were compromised.
能力评估
Purpose & Capability
Name, README, SKILL.md and included Python modules implement Xiaohongshu MCP client functionality (account mgmt, login, publish, feed, MCP server management). Required env var XHS_MCP_BASE_URL and binaries (python, uv) match documented usage (the CLI uses 'uv' commands in docs).
Instruction Scope
SKILL.md directs local operations against an MCP server (start/stop/status/download), account cookie read/write, and HTTP calls to the MCP API. It does not request unrelated host files or additional credentials beyond the MCP base URL. The instructions explicitly tell the agent to run local commands and manage cookies, which aligns with purpose.
Install Mechanism
No formal install spec in registry, but the package contains Python code and an MCP manager that fetches release assets from GitHub (api.github.com + asset browser_download_url), downloads archives, extracts them into the working directory and sets executable bits. This is expected for installing server binaries, but the code performs extraction and makes binaries executable without checksum/signature verification — a moderate operational risk that a user should review.
Credentials
Declared environment variables (XHS_MCP_BASE_URL, fallback XHS_BASE_URL, XHS_TIMEOUT, XHS_VERIFY_SSL) are relevant to contacting the MCP server. No unrelated secrets or extra service credentials are requested. Note: the registry marks XHS_MCP_BASE_URL as the "primary credential" even though it's a URL, not a secret key.
Persistence & Privilege
Skill writes local files (user_cookies.json, writes cookies.json into the MCP server directory when switching accounts) and may download and execute MCP binaries. always:false and no cross-skill modifications. These behaviors are coherent with the purpose but grant the skill ability to persist sensitive cookies locally and to run downloaded binaries — consider isolation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xiaohongshu-aio - 安装完成后,直接呼叫该 Skill 的名称或使用
/xiaohongshu-aio触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.6
- Added built-in MCP 服务器下载、启动、停止、重启和状态检测命令,简化环境依赖管理
- 删除 check-service.sh、download_mcp.sh 等 shell 工具,相关功能集成到 CLI
- 新增 mcp_service.py,统一管理服务器相关流程和命令接口
- 优化并统一命令结构:所有服务器操作均可用 `xhs mcp ...` 命令完成
- 文档全面更新,明确强调“一体化”管理与全流程自动化体验
- 其他细节修正和结构调整,提升技能易用性
v0.1.0
xiaohongshu-aio v0.1.0 — 小红书 MCP 客户端技能首发
- 新增账号管理:支持添加、删除、列出、切换、导入账号与切换账号 cookies
- 集成登录流程:包含登录状态检查、二维码扫码登录和登出
- 支持内容发布:可发布图文、视频内容,支持标签参数
- 提供 Feed 管理和内容搜索、详情获取功能
- 支持互动操作:点赞、收藏、发表评论
- 查询当前及其他用户信息
- 依赖小红书 MCP 服务器、httpx、typer、pydantic、rich
- 提供详细说明文档和常见问题排查指南
元数据
常见问题
小红书操作全集 Xiaohongshu All In One 基于api接口稳定快速 是什么?
小红书MCP服务下载、启动、重启、检测,小红书多账号管理、登录、状态检查、内容发布、小红书笔记和视频发布、点赞评论操作和用户信息查询等需要调用本技能。当用户需要从小红书获取笔记和视频数据、用户数据、发布笔记或视频时需要调用本技能。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 186 次。
如何安装 小红书操作全集 Xiaohongshu All In One 基于api接口稳定快速?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xiaohongshu-aio」即可一键安装,无需额外配置。
小红书操作全集 Xiaohongshu All In One 基于api接口稳定快速 是免费的吗?
是的,小红书操作全集 Xiaohongshu All In One 基于api接口稳定快速 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
小红书操作全集 Xiaohongshu All In One 基于api接口稳定快速 支持哪些平台?
小红书操作全集 Xiaohongshu All In One 基于api接口稳定快速 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 小红书操作全集 Xiaohongshu All In One 基于api接口稳定快速?
由 CN-P5(@cn-p5)开发并维护,当前版本 v0.1.6。
推荐 Skills