Is Redbook Search Comment MCP2.0 safe to use?

Redbook Search Comment MCP2.0 has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Redbook Search Comment MCP2.0?

Redbook Search Comment MCP2.0 supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Redbook Search Comment MCP2.0 do?

Redbook Search Comment MCP2.0 provides 6 tools: mcp0_login, mcp0_search_notes, mcp0_get_note_content, mcp0_get_note_comments, mcp0_post_smart_comment and 1 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Redbook Search Comment MCP2.0?

Redbook Search Comment MCP2.0 is compatible with claude-desktop, cursor, claude-code, windsurf. It uses stdio transport.

Is Redbook Search Comment MCP2.0 actively maintained?

Redbook Search Comment MCP2.0 is less actively maintained — last commit was 332 days ago. It has 423 GitHub stars.

Redbook Search Comment MCP2.0

Name: Redbook Search Comment MCP2.0
Author: chenningling

fastmcp · by chenningling

这是一款基于 Playwright 开发的小红书自动搜索和评论工具，作为 MCP Server，可通过特定配置接入 MCP Client（如Claude for Desktop），帮助用户自动完成登录小红书、搜索关键词、获取笔记内容及发布AI生成评论等操作。

423 6 tools GitHub PyPI

No known CVEs

No license

Stale

Last commit 332d ago

Works with most clients

Transport: stdio

6 tools · ~538 tok

Grade B · 0.3% of 200K ctx

Edit this pageView history

Browser Marketing

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "xiaohongshu MCP": {
      "args": [
        "/绝对路径/到/xiaohongshu_mcp.py",
        "--stdio"
      ],
      "command": "/绝对路径/到/venv/bin/python3"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/redbook-search-comment-mcp2-0)](https://mcppedia.org/s/redbook-search-comment-mcp2-0)

Read me

What Redbook Search Comment MCP2.0 does

本项目基于 JonaFly/RednoteMCP 并结合多次实战经验，进行全面优化和功能扩展（by windsurf）。在此向原作者的贡献表示由衷的感谢！

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

75/100across 5 weighted dimensions

How we score →

0255075100

−25

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

## Technical Description The `OpenAPIProvider` in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The `RequestDirector` class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the `_build_url()` method. When an OpenAPI operation defines path parameters (e.g., `/api/v1/users/{user_id}`), the system directly substitutes parameter values into the URL template string **without URL-encoding**. Subsequently, `urll

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

## Summary While testing the *GitHubProvider* OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. ## Technical Details An adversary can initi

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Server names containing shell metacharacters (e.g., `&`) can cause command injection on Windows when passed to `fastmcp install claude-code` or `fastmcp install gemini-cli`. These install paths use `subprocess.run()` with a list argument, but on Windows the target CLIs often resolve to `.cmd` wrappers that are executed through `cmd.exe`, which interprets metacharacters in the flattened command string. PoC: ```python from fastmcp import FastMCP mcp = FastMCP(name="test&calc") @mcp.tool def rol

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the `resource` parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the `base_url` passed to the `OAuthProxy` during initialization. **Affected File:** *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828* **Affected Code:** ```python self._jwt_issuer:

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions <1.23 that were vulnerable to CVE-2025-66416. Users should upgrade to FastMCP 2.14.0 or later.

Affected: >= 0Fixed in 2.14.0source →

Inventory

Tools (6)

Click any tool to inspect its schema.

~538 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Redbook Search Comment MCP2.0 safe to use?: Redbook Search Comment MCP2.0 has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Redbook Search Comment MCP2.0?: Redbook Search Comment MCP2.0 supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Redbook Search Comment MCP2.0 do?: Redbook Search Comment MCP2.0 provides 6 tools: mcp0_login, mcp0_search_notes, mcp0_get_note_content, mcp0_get_note_comments, mcp0_post_smart_comment and 1 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Redbook Search Comment MCP2.0?: Redbook Search Comment MCP2.0 is compatible with claude-desktop, cursor, claude-code, windsurf. It uses stdio transport.
Is Redbook Search Comment MCP2.0 actively maintained?: Redbook Search Comment MCP2.0 is less actively maintained — last commit was 332 days ago. It has 423 GitHub stars.

Similar servers

Others in browser / marketing

View all →

Open WebSearch96

Multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval — skill-guided workflows, no API keys.

1.2k 4

Firecrawl Mcp95

MCP server for Firecrawl — search, scrape, and interact with the web. Supports both cloud and self-hosted instances. Features include web search, scraping, page interaction, batch processing, and LLM-powered content analysis.

6.3k 5

Firecrawl Mcp Server95

🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.

6.3k 4

Apify Mcp Server94

The Apify MCP server enables your AI agents to extract data from social media, search engines, maps, e-commerce sites, or any other website using thousands of ready-made scrapers, crawlers, and automation tools available on the Apify Store.

1.2k 1

MCP Security Weekly

Get CVE alerts and security updates for Redbook Search Comment MCP2.0 and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Browser Marketing

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "xiaohongshu MCP": {
      "args": [
        "/绝对路径/到/xiaohongshu_mcp.py",
        "--stdio"
      ],
      "command": "/绝对路径/到/venv/bin/python3"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/redbook-search-comment-mcp2-0)](https://mcppedia.org/s/redbook-search-comment-mcp2-0)

Read me

What Redbook Search Comment MCP2.0 does

本项目基于 JonaFly/RednoteMCP 并结合多次实战经验，进行全面优化和功能扩展（by windsurf）。在此向原作者的贡献表示由衷的感谢！

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

小红书自动搜索评论工具（MCP Server 2.0）

English | 中文

本项目基于 JonaFly/RednoteMCP 并结合多次实战经验，进行全面优化和功能扩展（by windsurf）。在此向原作者的贡献表示由衷的感谢！

主要特点与优势

深度集成AI能力：利用MCP客户端（如Claude）的大模型能力，生成更自然、更相关的评论内容
模块化设计：将功能分为笔记分析、评论生成和评论发布三个独立模块，提高代码可维护性
强大的内容获取能力：集成多种获取笔记内容的方法，确保能完整获取各类笔记的标题、作者和正文内容
持久化登录：使用持久化浏览器上下文，首次登录后无需重复登录
两步式评论流程：先获取笔记分析结果，然后由MCP客户端生成并发布评论

2.0版本主要优化

内容获取增强：重构了笔记内容获取模块，增加页面加载等待时间和滚动操作，实现四种不同的内容获取方法
AI评论生成：重构评论功能，将笔记分析结果返回给MCP客户端，由客户端的AI能力生成更自然、更相关的评论
功能模块化：将功能分为笔记分析、评论生成和评论发布三个独立模块，提高代码可维护性
搜索结果优化：解决了搜索笔记时标题不显示的问题，提供更完整的搜索结果
错误处理增强：添加更详细的错误处理和调试信息输出

一、核心功能

1. 用户认证与登录

持久化登录：支持手动扫码登录，首次登录后保存状态，后续使用无需重复扫码
登录状态管理：自动检测登录状态，并在需要时提示用户登录

2. 内容发现与获取

智能关键词搜索：支持多关键词搜索，可指定返回结果数量，并提供完整的笔记信息
多维度内容获取：集成四种不同的获取方法，确保能准确获取笔记的标题、作者、发布时间和正文内容
评论数据获取：支持获取笔记的评论内容，包括评论者、评论文本和时间信息

3. 内容分析与生成

笔记内容分析：自动分析笔记内容，提取关键信息并识别笔记所属领域
AI评论生成：利用MCP客户端（如Claude）的AI能力，基于笔记内容生成自然、相关的评论
多类型评论支持：支持四种不同类型的评论生成：
- 引流型：引导用户关注或私聊
- 点赞型：简单互动获取好感
- 咨询型：以问题形式增加互动
- 专业型：展示专业知识建立权威

4. 数据返回与反馈

结构化数据返回：将笔记分析结果以JSON格式返回给MCP客户端，便于AI生成评论
评论发布反馈：提供评论发布结果的实时反馈

二、安装步骤

Python 环境准备：确保系统已安装 Python 3.8 或更高版本。若未安装，可从 Python 官方网站下载并安装。
项目获取：将本项目克隆或下载到本地。

创建虚拟环境：在项目目录下创建并激活虚拟环境（推荐）：

# 创建虚拟环境
python3 -m venv venv

# 激活虚拟环境
# Windows
venv\Scripts\activate
# macOS/Linux
source venv/bin/activate

安装依赖：在激活的虚拟环境中安装所需依赖：
```
pip install -r requirements.txt
pip install fastmcp
```
安装浏览器：安装Playwright所需的浏览器：
```
playwright install
```

三、MCP Server 配置

在 MCP Client（如Claude for Desktop）的配置文件中添加以下内容，将本工具配置为 MCP Server：

Mac 配置示例

{
    "mcpServers": {
        "xiaohongshu MCP": {
            "command": "/绝对路径/到/venv/bin/python3",
            "args": [
                "/绝对路径/到/xiaohongshu_mcp.py",
                "--stdio"
            ]
        }
    }
}

Windows 配置示例

{
    "mcpServers": {
        "xiaohongshu MCP": {
            "command": "C:\\Users\\username\\Desktop\\MCP\\Redbook-Search-Comment-MCP2.0\\venv\\Scripts\\python.exe",
            "args": [
                "C:\\Users\\username\\Desktop\\MCP\\Redbook-Search-Comment-MCP2.0\\xiaohongshu_mcp.py",
                "--stdio"
            ]
        }
    }
}

重要提示：

请使用虚拟环境中Python解释器的完整绝对路径

Mac示例：/Users/username/Desktop/RedBook-Search-Comment-MCP/venv/bin/python3

Windows示例：C:\Users\username\Desktop\MCP\Redbook-Search-Comment-MCP2.0\venv\Scripts\python.exe

同样，xiaohongshu_mcp.py也需要使用完整绝对路径

Windows路径中的反斜杠在JSON中需要双重转义（使用 \）

Python 命令区分（python 与 python3）

不同系统环境中，Python 命令可能有所不同，这取决于您的系统配置。以下是如何确定您应该使用哪个命令：

确定您的 Python 命令：
- 在终端中运行：python --version 和 python3 --version
- 查看哪个命令返回 Python 3.x 版本（本项目需要 Python 3.8+）
在虚拟环境中确认：
- 激活虚拟环境后，运行 which python 或 where python（Windows）
- 这将显示 Python 解释器的完整路径
配置中使用正确的命令：
- Mac：通常为 python3 或虚拟环境中的 python
- Windows：通常为 python 或 python.exe

在配置文件中，始终使用虚拟环境中 Python 解释器的完整绝对路径，而不是命令名称。

四、使用方法

（一）启动服务器

直接运行：在项目目录下，激活虚拟环境后执行：
```
python3 xiaohongshu_mcp.py
```
通过 MCP Client 启动：配置好MCP Client后，按照客户端的操作流程进行启动和连接。

（二）主要功能操作

在MCP Client（如Claude for Desktop）中连接到服务器后，可以使用以下功能：

1. 登录小红书

工具函数：

mcp0_login()

在MCP客户端中的使用方式：直接发送以下文本：

帮我登录小红书账号

或：

请登录小红书

功能说明：首次使用时会打开浏览器窗口，等待用户手动扫码登录。登录成功后，工具会保存登录状态。

2. 搜索笔记

工具函数：

mcp0_search_notes(keywords="关键词", limit=5)

在MCP客户端中的使用方式：发送包含关键词的搜索请求：

帮我搜索小红书笔记，关键词为：美食

指定返回数量：

帮我搜索小红书笔记，关键词为旅游，返回10条结果

功能说明：根据关键词搜索小红书笔记，并返回指定数量的结果。默认返回5条结果。

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

75/100across 5 weighted dimensions

How we score →

0255075100

−25

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

Affected: >= 0Fixed in 2.14.0source →

Inventory

Tools (6)

Click any tool to inspect its schema.

~538 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Redbook Search Comment MCP2.0 safe to use?: Redbook Search Comment MCP2.0 has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Redbook Search Comment MCP2.0?: Redbook Search Comment MCP2.0 supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Redbook Search Comment MCP2.0 do?: Redbook Search Comment MCP2.0 provides 6 tools: mcp0_login, mcp0_search_notes, mcp0_get_note_content, mcp0_get_note_comments, mcp0_post_smart_comment and 1 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Redbook Search Comment MCP2.0?: Redbook Search Comment MCP2.0 is compatible with claude-desktop, cursor, claude-code, windsurf. It uses stdio transport.
Is Redbook Search Comment MCP2.0 actively maintained?: Redbook Search Comment MCP2.0 is less actively maintained — last commit was 332 days ago. It has 423 GitHub stars.