xiaohongshu-mcp
Audited by Socket on Feb 23, 2026
1 alert found:
Malware [Skill Scanner]: Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3]

Assessment: The described skill legitimately automates Xiaohongshu content operations via a local helper server and Python client. There is no direct evidence in the provided instructions of malicious code, hard-coded secrets, or obfuscation. However, the distribution model (download-and-execute native binaries from GitHub Releases without integrity verification) creates a significant supply-chain and privilege risk: a compromised or malicious binary could exfiltrate session tokens, perform unwanted actions on the user's account, or persist on the host.

Recommended actions:
- verify release authenticity (checksums/signatures)
- run binaries in an isolated environment
- prefer building from source
- avoid passing tokens on CLIs
- audit the native server binary/source before trusting it with account credentials

LLM verification: This skill's documentation and functionality are consistent with its stated purpose (Xiaohongshu automation). The main security concern is the required download-and-execute of prebuilt native binaries from GitHub Releases with no checksum/signature guidance and a recommendation to run in headless (hidden) mode — a high-value authenticated session lives inside the local MCP server. There is no direct evidence of malicious code in the provided skill files themselves, but the download-execute patte