skills/tclawde/xiaohongshu-mcp-skill/xiaohongshu-mcp/Socket

xiaohongshu-mcp

Warn

Audited by Socket on Feb 24, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

[Skill Scanner] Outbound data post or form upload via curl/wget detected All findings: [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] BENIGN: The supplied skill appears to be a legitimate automation/administration toolkit for Xiaohongshu MCP workflows, with local server interaction and CLI/Python clients. While there are typical security considerations (sensitive cookies, tokens, local API exposure) that warrant secure handling, there is no evidence in the fragment of malicious behavior, credential harvesting, or external data exfiltration. The footprint is coherent with the stated purpose of providing 13 MCP tools and automation capabilities via a local API and script-based interfaces. LLM verification: The provided SKILL.md documents a legitimate-seeming local automation skill that performs account actions on Xiaohongshu through a local MCP server. I found no direct evidence in the provided fragment of obfuscation, embedded backdoors, or explicit exfiltration to remote attacker domains. Primary risks are: (1) unverified native MCP binary and omitted install/login scripts — they are the main supply-chain attack surface and must be audited before trusting; (2) plaintext storage of cookies/tokens

Confidence: 75%Severity: 75%

Audit Metadata

Analyzed At

Feb 24, 2026, 04:07 PM

Package URL

pkg:socket/skills-sh/tclawde%2Fxiaohongshu-mcp-skill%2Fxiaohongshu-mcp%2F@5cc86b2c2e6f02aaf6887c74d53c274b6cba6e5e