小红书MCP补丁包

自动检测并修复小红书MCP部署常见问题，包括端口占用、cookie路径、服务状态及超时等待。

Do not run these scripts blindly on a production system. Specific recommendations: - Inspect each script line-by-line before executing. Ensure COOKIE_SOURCE and other paths point to files you control. - Avoid running the one-click script as root or on a multi-user host. kill -9 and broad lsof|xargs patterns can terminate unrelated processes. - Do not start executables directly from /tmp unless you trust the binary. Prefer keeping the MCP binary in a controlled directory and verify its checksum/signature. - Copying cookies around can expose sensitive tokens; ensure you supply the correct cookie file and limit its file permissions. - Run first in an isolated environment (container or VM) to validate behavior and logs (/tmp/mcp.log). - If you want to use this skill, consider modifying scripts to use safer practices (gentle TERM signal before SIGKILL, explicit paths, sanity-checks on files and binaries, fewer blanket file copies). - Metadata mismatch (homepage present in skill.json but registry showed none) is likely packaging sloppiness—confirm source and provenance of the skill before trusting it. If you can provide the actual MCP binary location and intended runtime user, or confirm you will run these in an isolated test VM, that would increase confidence.

Type: OpenClaw Skill Name: xiaohongshu-mcp-patch Version: 1.0.0 The skill bundle contains bash scripts for managing the 'Xiaohongshu MCP' service that perform high-risk operations. Key indicators include scripts that kill processes by port (fix-port.sh), copy sensitive session cookies to potentially world-readable locations like /tmp (fix-cookie.sh), and execute binaries directly from /tmp (check-service.sh). While these actions are consistent with the stated goal of troubleshooting deployment issues, they introduce significant security vulnerabilities regarding credential exposure and insecure execution paths.