Is RedBook Search Comment MCP safe to use?

RedBook Search Comment MCP has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install RedBook Search Comment MCP?

RedBook Search Comment MCP supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with RedBook Search Comment MCP?

RedBook Search Comment MCP is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is RedBook Search Comment MCP actively maintained?

RedBook Search Comment MCP is not actively maintained — last commit was 402 days ago. It has 42 GitHub stars.

RedBook Search Comment MCP

Name: RedBook Search Comment MCP
Author: chenningling

fastmcp · by chenningling

这是一款基于 Playwright 开发的小红书自动搜索和评论工具，作为 MCP Server，可通过特定配置接入 MCP Client，帮助用户自动完成登录小红书、搜索关键词、获取笔记内容及发布智能评论等操作。

42 0 tools GitHub PyPI

No known CVEs

No license

Stale

Last commit 402d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

Browser Marketing

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "xiaohongshu MCP": {
      "args": [
        "/绝对路径/到/xiaohongshu_mcp.py",
        "--stdio"
      ],
      "command": "/绝对路径/到/venv/bin/python3"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/redbook-search-comment-mcp)](https://mcppedia.org/s/redbook-search-comment-mcp)

Read me

What RedBook Search Comment MCP does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

43/100across 5 weighted dimensions

How we score →

0255075100

−57

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

## Technical Description The `OpenAPIProvider` in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The `RequestDirector` class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the `_build_url()` method. When an OpenAPI operation defines path parameters (e.g., `/api/v1/users/{user_id}`), the system directly substitutes parameter values into the URL template string **without URL-encoding**. Subsequently, `urll

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

## Summary While testing the *GitHubProvider* OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. ## Technical Details An adversary can initi

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Server names containing shell metacharacters (e.g., `&`) can cause command injection on Windows when passed to `fastmcp install claude-code` or `fastmcp install gemini-cli`. These install paths use `subprocess.run()` with a list argument, but on Windows the target CLIs often resolve to `.cmd` wrappers that are executed through `cmd.exe`, which interprets metacharacters in the flattened command string. PoC: ```python from fastmcp import FastMCP mcp = FastMCP(name="test&calc") @mcp.tool def rol

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the `resource` parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the `base_url` passed to the `OAuthProxy` during initialization. **Affected File:** *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828* **Affected Code:** ```python self._jwt_issuer:

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions <1.23 that were vulnerable to CVE-2025-66416. Users should upgrade to FastMCP 2.14.0 or later.

Affected: >= 0Fixed in 2.14.0source →

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is RedBook Search Comment MCP safe to use?: RedBook Search Comment MCP has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install RedBook Search Comment MCP?: RedBook Search Comment MCP supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with RedBook Search Comment MCP?: RedBook Search Comment MCP is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is RedBook Search Comment MCP actively maintained?: RedBook Search Comment MCP is not actively maintained — last commit was 402 days ago. It has 42 GitHub stars.

Similar servers

Others in browser / marketing

View all →

Puppeteer MCP Server98

Browser automation with Puppeteer for web scraping and testing

86.5k 5

Firecrawl Mcp Server95

🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.

6.4k 4

Firecrawl Mcp95

MCP server for Firecrawl — search, scrape, and interact with the web. Supports both cloud and self-hosted instances. Features include web search, scraping, page interaction, batch processing, and LLM-powered content analysis.

6.4k 5

Apify Mcp Server94

The Apify MCP server enables your AI agents to extract data from social media, search engines, maps, e-commerce sites, or any other website using thousands of ready-made scrapers, crawlers, and automation tools available on the Apify Store.

1.3k 1

MCP Security Weekly

Get CVE alerts and security updates for RedBook Search Comment MCP and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Browser Marketing

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "xiaohongshu MCP": {
      "args": [
        "/绝对路径/到/xiaohongshu_mcp.py",
        "--stdio"
      ],
      "command": "/绝对路径/到/venv/bin/python3"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/redbook-search-comment-mcp)](https://mcppedia.org/s/redbook-search-comment-mcp)

Read me

What RedBook Search Comment MCP does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

小红书自动搜索评论工具（MCP Server）

本项目基于 JonaFly/RednoteMCP 并结合我自己的使用经验，进行优化和改进（by windsurf）。在此向原作者表示衷心的感谢！

这是一款基于 Playwright 开发的小红书自动搜索和评论工具，作为 MCP Server，可通过特定配置接入 MCP Client（如Claude for Desktop），帮助用户自动完成登录小红书、搜索关键词、获取笔记内容及发布智能评论等操作。

注：Redbook-Search-Comment-MCP2.0已经发布！直接点击前往使用即可！

2.0主要优化内容如下：

优化了搜索笔记时，标题不显示的问题
新增了多类获取笔记的方法，确保能完整获取笔记内容
重构了评论功能，利用MCP客户端（如Claude）的AI能力生成更自然的评论
将功能模块化，分为笔记分析、评论生成和评论发布三个独立模块

一、功能特点

自动登录：支持手动扫码登录方式，首次登录成功后会保存登录状态，后续使用无需重复扫码。
关键词搜索：能依据用户输入的关键词搜索小红书笔记，并可指定返回结果的数量。
笔记内容获取：输入笔记的 URL，即可获取该笔记的详细内容。
笔记评论获取：通过笔记 URL 获取相应笔记的评论信息。
智能评论发布：支持多种评论类型，包括引流（引导用户关注或私聊）、点赞（简单互动获取好感）、咨询（以问题形式增加互动）、专业（展示专业知识建立权威），可根据需求选择发布。

二、安装步骤

Python 环境准备：确保系统已安装 Python 3.8 或更高版本。若未安装，可从 Python 官方网站下载并安装。
项目获取：将本项目克隆或下载到本地。

创建虚拟环境：在项目目录下创建并激活虚拟环境（推荐）：

# 创建虚拟环境
python3 -m venv venv

# 激活虚拟环境
# Windows
venv\Scripts\activate
# macOS/Linux
source venv/bin/activate

安装依赖：在激活的虚拟环境中安装所需依赖：
```
pip install -r requirements.txt
pip install fastmcp
```
安装浏览器：安装Playwright所需的浏览器：
```
playwright install
```

三、MCP Server 配置

在 MCP Client（如Claude for Desktop）的配置文件中添加以下内容，将本工具配置为 MCP Server：

{
    "mcpServers": {
        "xiaohongshu MCP": {
            "command": "/绝对路径/到/venv/bin/python3",
            "args": [
                "/绝对路径/到/xiaohongshu_mcp.py",
                "--stdio"
            ]
        }
    }
}

重要提示：

请使用虚拟环境中Python解释器的完整绝对路径

例如：/Users/username/Desktop/RedBook-Search-Comment-MCP/venv/bin/python3

同样，xiaohongshu_mcp.py也需要使用完整绝对路径

四、使用方法

（一）启动服务器

直接运行：在项目目录下，激活虚拟环境后执行：
```
python3 xiaohongshu_mcp.py
```
通过 MCP Client 启动：配置好MCP Client后，按照客户端的操作流程进行启动和连接。

（二）主要功能操作

在MCP Client（如Claude for Desktop）中连接到服务器后，可以使用以下功能：

1. 登录小红书

工具函数：

mcp0_login()

在MCP客户端中的使用方式：直接发送以下文本：

帮我登录小红书账号

或：

请登录小红书

功能说明：首次使用时会打开浏览器窗口，等待用户手动扫码登录。登录成功后，工具会保存登录状态。

2. 搜索笔记

工具函数：

mcp0_search_notes(keywords="关键词", limit=5)

在MCP客户端中的使用方式：发送包含关键词的搜索请求：

帮我搜索小红书笔记，关键词为：美食

指定返回数量：

帮我搜索小红书笔记，关键词为旅游，返回10条结果

功能说明：根据关键词搜索小红书笔记，并返回指定数量的结果。默认返回5条结果。

3. 获取笔记内容

工具函数：

mcp0_get_note_content(url="笔记URL")

在MCP客户端中的使用方式：发送包含笔记URL的请求：

帮我获取这个笔记的内容：https://www.xiaohongshu.com/search_result/xxxx

或：

请查看这个小红书笔记的内容：https://www.xiaohongshu.com/search_result/xxxx

功能说明：获取指定笔记URL的详细内容，包括标题、作者、发布时间和正文内容。

4. 获取笔记评论

工具函数：

mcp0_get_note_comments(url="笔记URL")

在MCP客户端中的使用方式：发送包含笔记URL的评论请求：

帮我获取这个笔记的评论：https://www.xiaohongshu.com/search_result/xxxx

或：

请查看这个小红书笔记的评论区：https://www.xiaohongshu.com/search_result/xxxx

功能说明：获取指定笔记URL的评论信息，包括评论者、评论内容和评论时间。

5. 发布智能评论

工具函数：

mcp0_post_smart_comment(url="笔记URL", comment_type="评论类型")

在MCP客户端中的使用方式：发送包含笔记URL和评论类型的请求：

帮我在这个笔记发布专业类型的评论：https://www.xiaohongshu.com/search_result/xxxx

或：

请在这个小红书笔记下发布一条引流评论：https://www.xiaohongshu.com/search_result/xxxx

评论类型参数可选值：

"引流" (默认)：引导用户关注或私聊
"点赞"：简单互动获取好感
"咨询"：以问题形式增加互动
"专业"：展示专业知识建立权威

功能说明：在指定笔记下发布智能评论，系统会根据笔记内容和指定的评论类型自动生成适合的评论内容。

五、代码结构

xiaohongshu_mcp.py：实现主要功能的核心文件，包含登录、搜索、获取内容和评论、发布评论等功能的代码逻辑。
requirements.txt：记录项目所需的依赖库。

六、常见问题与解决方案

连接失败：
- 确保使用了虚拟环境中Python解释器的完整绝对路径
- 确保MCP服务器正在运行
- 尝试重启MCP服务器和客户端
浏览器会话问题：如果遇到Page.goto: Target page, context or browser has been closed错误：
- 重启MCP服务器
- 重新连接并登录
依赖安装问题：如果遇到ModuleNotFoundError错误：
- 确保在虚拟环境中安装了所有依赖
- 检查是否安装了fastmcp包

七、注意事项

浏览器模式：工具使用 Playwright 的非隐藏模式运行，运行时会打开真实浏览器窗口。
登录方式：首次登录需要手动扫码，后续使用若登录状态有效，则无需再次扫码。
平台规则：使用过程中请严格遵守小红书平台的相关规定，避免进行过度操作，防止账号面临封禁等风险。
功能兼容性：由于小红书平台可能会进行更新和调整

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

43/100across 5 weighted dimensions

How we score →

0255075100

−57

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

Affected: >= 0Fixed in 2.14.0source →

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is RedBook Search Comment MCP safe to use?: RedBook Search Comment MCP has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install RedBook Search Comment MCP?: RedBook Search Comment MCP supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with RedBook Search Comment MCP?: RedBook Search Comment MCP is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is RedBook Search Comment MCP actively maintained?: RedBook Search Comment MCP is not actively maintained — last commit was 402 days ago. It has 42 GitHub stars.