Skills
skills/autoclaw-cc/xiaohongshu-mcp-skills/setup-xhs-mcp/Gen Agent Trust Hub

setup-xhs-mcp

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads a docker-compose.yml file from a remote GitHub repository (xpzouying/xiaohongshu-mcp) that is not associated with a trusted vendor or well-known service.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to start Docker services (docker compose up) based on downloaded external configurations and to modify local settings using the claude mcp add utility.
  • [COMMAND_EXECUTION]: The skill reads local application settings from ~/.claude/settings.json to inspect existing Model Context Protocol (MCP) server configurations, exposing local setup details.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 07:59 AM