by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears to do what it says (drive Xiaohongshu through an MCP server implemented with Node + Playwright), but you should take precautions before installing: 1) Inspect the GitHub repository and any install.sh script before running it — piping remote scripts to bash is risky. 2) Treat cookies.json as sensitive (it contains authentication). Store it with restrictive permissions (chmod 600), keep it local, and consider using a throwaway/test account. 3) Consider cloning and reviewing the ...详细分析 ▾
ℹ 用途与能力
The skill claims to provide Xiaohongshu automation via an external MCP server (xiaohongshu-mcp-node). The required runtimes (Node >=20, Playwright/Chromium) and the described CLI tools match that purpose. Minor inconsistency: metadata lists no required env vars, but the SKILL.md and examples reference environment entries (HEADLESS, COOKIES_PATH) and expect a cookies.json file for authentication.
⚠ 指令范围
SKILL.md instructs the user/agent to clone, npm install, build, run login flows, and run the MCP server; it also expects local file paths (images, video) and will download image URLs. The quick-start recommends piping a remote install.sh via curl | bash (raw.githubusercontent.com), which grants arbitrary remote script execution. The instructions do not ask the agent to read unrelated system credentials, but they do rely on local cookie files which are sensitive.
⚠ 安装机制
There is no formal install spec in the registry; installation is instruction-driven and requires cloning a GitHub repo and running npm scripts. The quick-start includes a high-risk pattern (curl -fsSL <raw.githubusercontent> | bash). Building and running third‑party code from GitHub and running its npm scripts is expected for this functionality but constitutes a supply‑chain and code‑execution risk that should be audited.
ℹ 凭证需求
The skill does not declare required credentials in registry metadata, but runtime usage depends on a local cookies.json (authentication) and optional env vars (COOKIES_PATH, HEADLESS). Cookies are equivalent to account credentials and must be protected; the skill's claims that cookies remain local are unverifiable from the docs alone. No unrelated cloud credentials or extra secrets are requested, which is appropriate.
✓ 持久化与权限
always:false and model invocation is allowed (default). The skill runs an external MCP server process configured by the user; it does not request elevated or permanent platform privileges, nor does it claim to modify other skills or global agent settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/3/20
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install xiaohongshu-mcp-node-skill
镜像加速npx clawhub@latest install xiaohongshu-mcp-node-skill --registry https://cn.longxiaskill.com