xiaohongshu-mcp-integration

SUSPICIOUS. The skill’s capabilities broadly match its stated Xiaohongshu automation purpose, but its footprint is high-risk: it installs and runs third-party upstream binaries/containers from a different publisher than the skill author, stores authenticated session state, accesses local media, and enables autonomous public posting and engagement. This is not confirmed malware, but it is a materially risky automation skill that should only be used with strong user oversight and preference for source build or pinned verified artifacts.