← 返回 Skills 市场
885
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install xiaohongshu-login
功能描述
小红书 MCP 登录流程。当用户需要登录小红书、小红书登录过期、或需要获取小红书登录二维码时使用此 skill。
安全使用建议
Before installing/using this skill, verify the execution environment and confirm assumptions: (1) Ensure mcporter is available and authenticated in your environment — the skill relies on mcporter calls. (2) The SKILL.md expects Node.js (child_process.execSync) and a local 'read' tool; the skill metadata does not declare these — provide or adapt them or request the author to declare requirements. (3) Replace the hard-coded path (/Users/chen/.openclaw/workspace/xhs_login.png) with a workspace-relative or configurable path to avoid overwriting someone else's files. (4) The instructions include sending the image to Feishu but declare no Feishu credentials; confirm how authentication is handled and whether sending images externally is acceptable. (5) The Node snippet uses shell exec and a regex to extract base64 — this is brittle and can mis-parse output or be abused; prefer structured output or safer parsing if possible. (6) If you must use the skill, run it in a controlled environment with limited permissions and review the exact commands it will run. Ask the skill author to (a) declare required runtimes/tools and credentials, (b) avoid hard-coded paths, and (c) avoid shelling untrusted output without sanitization. If these clarifications are not provided, treat the skill as risky to use with sensitive accounts or on a personal machine.
功能分析
Type: OpenClaw Skill
Name: xiaohongshu-login
Version: 1.0.0
The skill is classified as suspicious due to the hardcoded absolute path `/Users/chen/.openclaw/workspace/xhs_login.png` used for saving, displaying, and sending the QR code image in `SKILL.md`. While the intent is to save a temporary image for a legitimate login flow, hardcoding an absolute path to a specific user's home directory is a significant vulnerability and bad practice. It introduces portability issues and could lead to file system errors or, in specific environments, potential information leakage or overwrite if the path were to resolve to a sensitive location or be manipulated via symlinks. There is no evidence of intentional malicious behavior like data exfiltration or backdoors.
能力评估
Purpose & Capability
The skill claims to implement Xiaohongshu MCP login (check status, get QR, reset). That purpose is plausible for the commands shown (mcporter calls). However the SKILL.md also uses Node.js code, a 'read' tool, and a 'message ... channel=feishu' command to transmit files. The skill metadata declares no required binaries, runtimes, or credentials, so the run-time assumptions (Node, read, Feishu messaging) are not reflected in requirements — this is an inconsistency.
Instruction Scope
Instructions tell the agent to run mcporter commands, use a Node.js execSync snippet to parse output with a regex, write a PNG to a hard-coded user path (/Users/chen/.openclaw/workspace/xhs_login.png), display it via a local 'read' tool, and optionally send it to Feishu. These steps include file I/O on a user home path and an instruction to transmit a local file externally; the SKILL.md gives the agent broad discretion (execSync with shell) and uses brittle regex-based parsing that could mis-handle output. The skill also assumes tools and credentials not declared.
Install Mechanism
No install spec and no code files: instruction-only skill (lowest installer risk). Nothing is being downloaded or written by an installer step.
Credentials
The skill declares no required environment variables or primary credential, yet the instructions rely on services (Feishu messaging) that typically require credentials, and on mcporter being available and authenticated. It also uses a hard-coded file path under a specific user account ('chen') which is environment-specific and may improperly access or overwrite user files. The lack of declared credentials for external transmission is disproportionate to the stated purpose.
Persistence & Privilege
always is false and the skill is user-invocable; there is no request for persistent, always-on presence or modification of other skills/system-wide settings. The skill does write a file to disk during operation, but that is a normal runtime action for this flow.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install xiaohongshu-login - 安装完成后,直接呼叫该 Skill 的名称或使用
/xiaohongshu-login触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
初始版本 - 小红书登录流程自动化
元数据
常见问题
小红书登录 是什么?
小红书 MCP 登录流程。当用户需要登录小红书、小红书登录过期、或需要获取小红书登录二维码时使用此 skill。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 885 次。
如何安装 小红书登录?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install xiaohongshu-login」即可一键安装,无需额外配置。
小红书登录 是免费的吗?
是的,小红书登录 完全免费(开源免费),可自由下载、安装和使用。
小红书登录 支持哪些平台?
小红书登录 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 小红书登录?
由 undefined(@fe-room)开发并维护,当前版本 v1.0.0。
推荐 Skills